From: David Miller <davem@davemloft.net>
To: stable@vger.kernel.org
Subject: [GIT] Networking
Date: Fri, 31 May 2019 14:16:26 -0700 (PDT) [thread overview]
Message-ID: <20190531.141626.1051997873999042502.davem@davemloft.net> (raw)
[-- Attachment #1: Type: Text/Plain, Size: 105 bytes --]
Please queue up the following networking bug fixes for v5.0 and v5.1
-stable, respectively.
Thank you.
[-- Attachment #2: net_50.mbox --]
[-- Type: Application/Octet-Stream, Size: 80931 bytes --]
From 181b720d9f8471698a67425dd9916eb8950a91ac Mon Sep 17 00:00:00 2001
From: Jarod Wilson <jarod@redhat.com>
Date: Fri, 24 May 2019 09:49:28 -0400
Subject: [PATCH 01/33] bonding/802.3ad: fix slave link initialization
transition states
[ Upstream commit 334031219a84b9994594015aab85ed7754c80176 ]
Once in a while, with just the right timing, 802.3ad slaves will fail to
properly initialize, winding up in a weird state, with a partner system
mac address of 00:00:00:00:00:00. This started happening after a fix to
properly track link_failure_count tracking, where an 802.3ad slave that
reported itself as link up in the miimon code, but wasn't able to get a
valid speed/duplex, started getting set to BOND_LINK_FAIL instead of
BOND_LINK_DOWN. That was the proper thing to do for the general "my link
went down" case, but has created a link initialization race that can put
the interface in this odd state.
The simple fix is to instead set the slave link to BOND_LINK_DOWN again,
if the link has never been up (last_link_up == 0), so the link state
doesn't bounce from BOND_LINK_DOWN to BOND_LINK_FAIL -- it hasn't failed
in this case, it simply hasn't been up yet, and this prevents the
unnecessary state change from DOWN to FAIL and getting stuck in an init
failure w/o a partner mac.
Fixes: ea53abfab960 ("bonding/802.3ad: fix link_failure_count tracking")
CC: Jay Vosburgh <j.vosburgh@gmail.com>
CC: Veaceslav Falico <vfalico@gmail.com>
CC: Andy Gospodarek <andy@greyhouse.net>
CC: "David S. Miller" <davem@davemloft.net>
CC: netdev@vger.kernel.org
Tested-by: Heesoon Kim <Heesoon.Kim@stratus.com>
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Jay Vosburgh <jay.vosburgh@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/bonding/bond_main.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index f89fc6ea6078..4eeece3576e1 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -3123,13 +3123,18 @@ static int bond_slave_netdev_event(unsigned long event,
case NETDEV_CHANGE:
/* For 802.3ad mode only:
* Getting invalid Speed/Duplex values here will put slave
- * in weird state. So mark it as link-fail for the time
- * being and let link-monitoring (miimon) set it right when
- * correct speeds/duplex are available.
+ * in weird state. Mark it as link-fail if the link was
+ * previously up or link-down if it hasn't yet come up, and
+ * let link-monitoring (miimon) set it right when correct
+ * speeds/duplex are available.
*/
if (bond_update_speed_duplex(slave) &&
- BOND_MODE(bond) == BOND_MODE_8023AD)
- slave->link = BOND_LINK_FAIL;
+ BOND_MODE(bond) == BOND_MODE_8023AD) {
+ if (slave->last_link_up)
+ slave->link = BOND_LINK_FAIL;
+ else
+ slave->link = BOND_LINK_DOWN;
+ }
if (BOND_MODE(bond) == BOND_MODE_8023AD)
bond_3ad_adapter_speed_duplex_changed(slave);
--
2.20.1
From f0668474b0983f1f0b449a44e6a6ed99a670cfc5 Mon Sep 17 00:00:00 2001
From: Raju Rangoju <rajur@chelsio.com>
Date: Thu, 23 May 2019 20:41:44 +0530
Subject: [PATCH 02/33] cxgb4: offload VLAN flows regardless of VLAN ethtype
[ Upstream commit b5730061d1056abf317caea823b94d6e12b5b4f6 ]
VLAN flows never get offloaded unless ivlan_vld is set in filter spec.
It's not compulsory for vlan_ethtype to be set.
So, always enable ivlan_vld bit for offloading VLAN flows regardless of
vlan_ethtype is set or not.
Fixes: ad9af3e09c (cxgb4: add tc flower match support for vlan)
Signed-off-by: Raju Rangoju <rajur@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_flower.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_flower.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_flower.c
index c116f96956fe..f2aba5b160c2 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_flower.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_flower.c
@@ -228,6 +228,9 @@ static void cxgb4_process_flow_match(struct net_device *dev,
fs->val.ivlan = vlan_tci;
fs->mask.ivlan = vlan_tci_mask;
+ fs->val.ivlan_vld = 1;
+ fs->mask.ivlan_vld = 1;
+
/* Chelsio adapters use ivlan_vld bit to match vlan packets
* as 802.1Q. Also, when vlan tag is present in packets,
* ethtype match is used then to match on ethtype of inner
@@ -238,8 +241,6 @@ static void cxgb4_process_flow_match(struct net_device *dev,
* ethtype value with ethtype of inner header.
*/
if (fs->val.ethtype == ETH_P_8021Q) {
- fs->val.ivlan_vld = 1;
- fs->mask.ivlan_vld = 1;
fs->val.ethtype = 0;
fs->mask.ethtype = 0;
}
--
2.20.1
From 22f789d2bf174df619d686dca9eeebaf974552ff Mon Sep 17 00:00:00 2001
From: Eric Dumazet <edumazet@google.com>
Date: Wed, 27 Mar 2019 12:40:33 -0700
Subject: [PATCH 03/33] inet: switch IP ID generator to siphash
[ Upstream commit df453700e8d81b1bdafdf684365ee2b9431fb702 ]
According to Amit Klein and Benny Pinkas, IP ID generation is too weak
and might be used by attackers.
Even with recent net_hash_mix() fix (netns: provide pure entropy for net_hash_mix())
having 64bit key and Jenkins hash is risky.
It is time to switch to siphash and its 128bit keys.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Amit Klein <aksecurity@gmail.com>
Reported-by: Benny Pinkas <benny@pinkas.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
include/linux/siphash.h | 5 +++++
include/net/netns/ipv4.h | 2 ++
net/ipv4/route.c | 12 +++++++-----
net/ipv6/output_core.c | 30 ++++++++++++++++--------------
4 files changed, 30 insertions(+), 19 deletions(-)
diff --git a/include/linux/siphash.h b/include/linux/siphash.h
index fa7a6b9cedbf..bf21591a9e5e 100644
--- a/include/linux/siphash.h
+++ b/include/linux/siphash.h
@@ -21,6 +21,11 @@ typedef struct {
u64 key[2];
} siphash_key_t;
+static inline bool siphash_key_is_zero(const siphash_key_t *key)
+{
+ return !(key->key[0] | key->key[1]);
+}
+
u64 __siphash_aligned(const void *data, size_t len, const siphash_key_t *key);
#ifndef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
u64 __siphash_unaligned(const void *data, size_t len, const siphash_key_t *key);
diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h
index 104a6669e344..7698460a3dd1 100644
--- a/include/net/netns/ipv4.h
+++ b/include/net/netns/ipv4.h
@@ -9,6 +9,7 @@
#include <linux/uidgid.h>
#include <net/inet_frag.h>
#include <linux/rcupdate.h>
+#include <linux/siphash.h>
struct tcpm_hash_bucket;
struct ctl_table_header;
@@ -217,5 +218,6 @@ struct netns_ipv4 {
unsigned int ipmr_seq; /* protected by rtnl_mutex */
atomic_t rt_genid;
+ siphash_key_t ip_id_key;
};
#endif
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 3c89ca325947..b66f78fad98c 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -500,15 +500,17 @@ EXPORT_SYMBOL(ip_idents_reserve);
void __ip_select_ident(struct net *net, struct iphdr *iph, int segs)
{
- static u32 ip_idents_hashrnd __read_mostly;
u32 hash, id;
- net_get_random_once(&ip_idents_hashrnd, sizeof(ip_idents_hashrnd));
+ /* Note the following code is not safe, but this is okay. */
+ if (unlikely(siphash_key_is_zero(&net->ipv4.ip_id_key)))
+ get_random_bytes(&net->ipv4.ip_id_key,
+ sizeof(net->ipv4.ip_id_key));
- hash = jhash_3words((__force u32)iph->daddr,
+ hash = siphash_3u32((__force u32)iph->daddr,
(__force u32)iph->saddr,
- iph->protocol ^ net_hash_mix(net),
- ip_idents_hashrnd);
+ iph->protocol,
+ &net->ipv4.ip_id_key);
id = ip_idents_reserve(hash, segs);
iph->id = htons(id);
}
diff --git a/net/ipv6/output_core.c b/net/ipv6/output_core.c
index 4fe7c90962dd..868ae23dbae1 100644
--- a/net/ipv6/output_core.c
+++ b/net/ipv6/output_core.c
@@ -10,15 +10,25 @@
#include <net/secure_seq.h>
#include <linux/netfilter.h>
-static u32 __ipv6_select_ident(struct net *net, u32 hashrnd,
+static u32 __ipv6_select_ident(struct net *net,
const struct in6_addr *dst,
const struct in6_addr *src)
{
+ const struct {
+ struct in6_addr dst;
+ struct in6_addr src;
+ } __aligned(SIPHASH_ALIGNMENT) combined = {
+ .dst = *dst,
+ .src = *src,
+ };
u32 hash, id;
- hash = __ipv6_addr_jhash(dst, hashrnd);
- hash = __ipv6_addr_jhash(src, hash);
- hash ^= net_hash_mix(net);
+ /* Note the following code is not safe, but this is okay. */
+ if (unlikely(siphash_key_is_zero(&net->ipv4.ip_id_key)))
+ get_random_bytes(&net->ipv4.ip_id_key,
+ sizeof(net->ipv4.ip_id_key));
+
+ hash = siphash(&combined, sizeof(combined), &net->ipv4.ip_id_key);
/* Treat id of 0 as unset and if we get 0 back from ip_idents_reserve,
* set the hight order instead thus minimizing possible future
@@ -41,7 +51,6 @@ static u32 __ipv6_select_ident(struct net *net, u32 hashrnd,
*/
__be32 ipv6_proxy_select_ident(struct net *net, struct sk_buff *skb)
{
- static u32 ip6_proxy_idents_hashrnd __read_mostly;
struct in6_addr buf[2];
struct in6_addr *addrs;
u32 id;
@@ -53,11 +62,7 @@ __be32 ipv6_proxy_select_ident(struct net *net, struct sk_buff *skb)
if (!addrs)
return 0;
- net_get_random_once(&ip6_proxy_idents_hashrnd,
- sizeof(ip6_proxy_idents_hashrnd));
-
- id = __ipv6_select_ident(net, ip6_proxy_idents_hashrnd,
- &addrs[1], &addrs[0]);
+ id = __ipv6_select_ident(net, &addrs[1], &addrs[0]);
return htonl(id);
}
EXPORT_SYMBOL_GPL(ipv6_proxy_select_ident);
@@ -66,12 +71,9 @@ __be32 ipv6_select_ident(struct net *net,
const struct in6_addr *daddr,
const struct in6_addr *saddr)
{
- static u32 ip6_idents_hashrnd __read_mostly;
u32 id;
- net_get_random_once(&ip6_idents_hashrnd, sizeof(ip6_idents_hashrnd));
-
- id = __ipv6_select_ident(net, ip6_idents_hashrnd, daddr, saddr);
+ id = __ipv6_select_ident(net, daddr, saddr);
return htonl(id);
}
EXPORT_SYMBOL(ipv6_select_ident);
--
2.20.1
From b3c8c4fb06aa04b7f9d0af06a87db506b02ae85f Mon Sep 17 00:00:00 2001
From: Eric Dumazet <edumazet@google.com>
Date: Wed, 22 May 2019 16:51:22 -0700
Subject: [PATCH 04/33] ipv4/igmp: fix another memory leak in
igmpv3_del_delrec()
[ Upstream commit 3580d04aa674383c42de7b635d28e52a1e5bc72c ]
syzbot reported memory leaks [1] that I have back tracked to
a missing cleanup from igmpv3_del_delrec() when
(im->sfmode != MCAST_INCLUDE)
Add ip_sf_list_clear_all() and kfree_pmc() helpers to explicitely
handle the cleanups before freeing.
[1]
BUG: memory leak
unreferenced object 0xffff888123e32b00 (size 64):
comm "softirq", pid 0, jiffies 4294942968 (age 8.010s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 e0 00 00 01 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<000000006105011b>] kmemleak_alloc_recursive include/linux/kmemleak.h:55 [inline]
[<000000006105011b>] slab_post_alloc_hook mm/slab.h:439 [inline]
[<000000006105011b>] slab_alloc mm/slab.c:3326 [inline]
[<000000006105011b>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
[<000000004bba8073>] kmalloc include/linux/slab.h:547 [inline]
[<000000004bba8073>] kzalloc include/linux/slab.h:742 [inline]
[<000000004bba8073>] ip_mc_add1_src net/ipv4/igmp.c:1961 [inline]
[<000000004bba8073>] ip_mc_add_src+0x36b/0x400 net/ipv4/igmp.c:2085
[<00000000a46a65a0>] ip_mc_msfilter+0x22d/0x310 net/ipv4/igmp.c:2475
[<000000005956ca89>] do_ip_setsockopt.isra.0+0x1795/0x1930 net/ipv4/ip_sockglue.c:957
[<00000000848e2d2f>] ip_setsockopt+0x3b/0xb0 net/ipv4/ip_sockglue.c:1246
[<00000000b9db185c>] udp_setsockopt+0x4e/0x90 net/ipv4/udp.c:2616
[<000000003028e438>] sock_common_setsockopt+0x38/0x50 net/core/sock.c:3130
[<0000000015b65589>] __sys_setsockopt+0x98/0x120 net/socket.c:2078
[<00000000ac198ef0>] __do_sys_setsockopt net/socket.c:2089 [inline]
[<00000000ac198ef0>] __se_sys_setsockopt net/socket.c:2086 [inline]
[<00000000ac198ef0>] __x64_sys_setsockopt+0x26/0x30 net/socket.c:2086
[<000000000a770437>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
[<00000000d3adb93b>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
Fixes: 9c8bb163ae78 ("igmp, mld: Fix memory leak in igmpv3/mld_del_delrec()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Hangbin Liu <liuhangbin@gmail.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/ipv4/igmp.c | 47 ++++++++++++++++++++++++++++++-----------------
1 file changed, 30 insertions(+), 17 deletions(-)
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index 765b2b32c4a4..9822366d2b41 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -632,6 +632,24 @@ static void igmpv3_clear_zeros(struct ip_sf_list **ppsf)
}
}
+static void ip_sf_list_clear_all(struct ip_sf_list *psf)
+{
+ struct ip_sf_list *next;
+
+ while (psf) {
+ next = psf->sf_next;
+ kfree(psf);
+ psf = next;
+ }
+}
+
+static void kfree_pmc(struct ip_mc_list *pmc)
+{
+ ip_sf_list_clear_all(pmc->sources);
+ ip_sf_list_clear_all(pmc->tomb);
+ kfree(pmc);
+}
+
static void igmpv3_send_cr(struct in_device *in_dev)
{
struct ip_mc_list *pmc, *pmc_prev, *pmc_next;
@@ -668,7 +686,7 @@ static void igmpv3_send_cr(struct in_device *in_dev)
else
in_dev->mc_tomb = pmc_next;
in_dev_put(pmc->interface);
- kfree(pmc);
+ kfree_pmc(pmc);
} else
pmc_prev = pmc;
}
@@ -1213,14 +1231,18 @@ static void igmpv3_del_delrec(struct in_device *in_dev, struct ip_mc_list *im)
im->interface = pmc->interface;
if (im->sfmode == MCAST_INCLUDE) {
im->tomb = pmc->tomb;
+ pmc->tomb = NULL;
+
im->sources = pmc->sources;
+ pmc->sources = NULL;
+
for (psf = im->sources; psf; psf = psf->sf_next)
psf->sf_crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv;
} else {
im->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv;
}
in_dev_put(pmc->interface);
- kfree(pmc);
+ kfree_pmc(pmc);
}
spin_unlock_bh(&im->lock);
}
@@ -1241,21 +1263,18 @@ static void igmpv3_clear_delrec(struct in_device *in_dev)
nextpmc = pmc->next;
ip_mc_clear_src(pmc);
in_dev_put(pmc->interface);
- kfree(pmc);
+ kfree_pmc(pmc);
}
/* clear dead sources, too */
rcu_read_lock();
for_each_pmc_rcu(in_dev, pmc) {
- struct ip_sf_list *psf, *psf_next;
+ struct ip_sf_list *psf;
spin_lock_bh(&pmc->lock);
psf = pmc->tomb;
pmc->tomb = NULL;
spin_unlock_bh(&pmc->lock);
- for (; psf; psf = psf_next) {
- psf_next = psf->sf_next;
- kfree(psf);
- }
+ ip_sf_list_clear_all(psf);
}
rcu_read_unlock();
}
@@ -2133,7 +2152,7 @@ static int ip_mc_add_src(struct in_device *in_dev, __be32 *pmca, int sfmode,
static void ip_mc_clear_src(struct ip_mc_list *pmc)
{
- struct ip_sf_list *psf, *nextpsf, *tomb, *sources;
+ struct ip_sf_list *tomb, *sources;
spin_lock_bh(&pmc->lock);
tomb = pmc->tomb;
@@ -2145,14 +2164,8 @@ static void ip_mc_clear_src(struct ip_mc_list *pmc)
pmc->sfcount[MCAST_EXCLUDE] = 1;
spin_unlock_bh(&pmc->lock);
- for (psf = tomb; psf; psf = nextpsf) {
- nextpsf = psf->sf_next;
- kfree(psf);
- }
- for (psf = sources; psf; psf = nextpsf) {
- nextpsf = psf->sf_next;
- kfree(psf);
- }
+ ip_sf_list_clear_all(tomb);
+ ip_sf_list_clear_all(sources);
}
/* Join a multicast group
--
2.20.1
From 94a90cfb817a79a197680d5d8dd703ae734cf14b Mon Sep 17 00:00:00 2001
From: Eric Dumazet <edumazet@google.com>
Date: Wed, 22 May 2019 18:35:16 -0700
Subject: [PATCH 05/33] ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST
[ Upstream commit 903869bd10e6719b9df6718e785be7ec725df59f ]
ip_sf_list_clear_all() needs to be defined even if !CONFIG_IP_MULTICAST
Fixes: 3580d04aa674 ("ipv4/igmp: fix another memory leak in igmpv3_del_delrec()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/ipv4/igmp.c | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index 9822366d2b41..1e79e1bca13c 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -187,6 +187,17 @@ static void ip_ma_put(struct ip_mc_list *im)
pmc != NULL; \
pmc = rtnl_dereference(pmc->next_rcu))
+static void ip_sf_list_clear_all(struct ip_sf_list *psf)
+{
+ struct ip_sf_list *next;
+
+ while (psf) {
+ next = psf->sf_next;
+ kfree(psf);
+ psf = next;
+ }
+}
+
#ifdef CONFIG_IP_MULTICAST
/*
@@ -632,17 +643,6 @@ static void igmpv3_clear_zeros(struct ip_sf_list **ppsf)
}
}
-static void ip_sf_list_clear_all(struct ip_sf_list *psf)
-{
- struct ip_sf_list *next;
-
- while (psf) {
- next = psf->sf_next;
- kfree(psf);
- psf = next;
- }
-}
-
static void kfree_pmc(struct ip_mc_list *pmc)
{
ip_sf_list_clear_all(pmc->sources);
--
2.20.1
From 0f3e2f8367a05631ef0bf54b6e8dd9979a164ef2 Mon Sep 17 00:00:00 2001
From: Mike Manning <mmanning@vyatta.att-mail.com>
Date: Mon, 20 May 2019 19:57:17 +0100
Subject: [PATCH 06/33] ipv6: Consider sk_bound_dev_if when binding a raw
socket to an address
[ Upstream commit 72f7cfab6f93a8ea825fab8ccfb016d064269f7f ]
IPv6 does not consider if the socket is bound to a device when binding
to an address. The result is that a socket can be bound to eth0 and
then bound to the address of eth1. If the device is a VRF, the result
is that a socket can only be bound to an address in the default VRF.
Resolve by considering the device if sk_bound_dev_if is set.
Signed-off-by: Mike Manning <mmanning@vyatta.att-mail.com>
Reviewed-by: David Ahern <dsahern@gmail.com>
Tested-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/ipv6/raw.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index 5a426226c762..5cb14eabfc65 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -287,7 +287,9 @@ static int rawv6_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len)
/* Binding to link-local address requires an interface */
if (!sk->sk_bound_dev_if)
goto out_unlock;
+ }
+ if (sk->sk_bound_dev_if) {
err = -ENODEV;
dev = dev_get_by_index_rcu(sock_net(sk),
sk->sk_bound_dev_if);
--
2.20.1
From eebffccb2f48832dc1bf70d72f74c2abcf8f18ca Mon Sep 17 00:00:00 2001
From: David Ahern <dsahern@gmail.com>
Date: Wed, 22 May 2019 15:12:18 -0700
Subject: [PATCH 07/33] ipv6: Fix redirect with VRF
[ Upstream commit 31680ac265802397937d75461a2809a067b9fb93 ]
IPv6 redirect is broken for VRF. __ip6_route_redirect walks the FIB
entries looking for an exact match on ifindex. With VRF the flowi6_oif
is updated by l3mdev_update_flow to the l3mdev index and the
FLOWI_FLAG_SKIP_NH_OIF set in the flags to tell the lookup to skip the
device match. For redirects the device match is requires so use that
flag to know when the oif needs to be reset to the skb device index.
Fixes: ca254490c8df ("net: Add VRF support to IPv6 stack")
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/ipv6/route.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index b471afce1330..457a27016e74 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -2448,6 +2448,12 @@ static struct rt6_info *__ip6_route_redirect(struct net *net,
struct fib6_info *rt;
struct fib6_node *fn;
+ /* l3mdev_update_flow overrides oif if the device is enslaved; in
+ * this case we must match on the real ingress device, so reset it
+ */
+ if (fl6->flowi6_flags & FLOWI_FLAG_SKIP_NH_OIF)
+ fl6->flowi6_oif = skb->dev->ifindex;
+
/* Get the "current" route for this destination and
* check if the redirect has come from appropriate router.
*
--
2.20.1
From e11731d0b09166badbf42aa7269440e487b76520 Mon Sep 17 00:00:00 2001
From: Eric Dumazet <edumazet@google.com>
Date: Mon, 27 May 2019 17:35:52 -0700
Subject: [PATCH 08/33] llc: fix skb leak in llc_build_and_send_ui_pkt()
[ Upstream commit 8fb44d60d4142cd2a440620cd291d346e23c131e ]
If llc_mac_hdr_init() returns an error, we must drop the skb
since no llc_build_and_send_ui_pkt() caller will take care of this.
BUG: memory leak
unreferenced object 0xffff8881202b6800 (size 2048):
comm "syz-executor907", pid 7074, jiffies 4294943781 (age 8.590s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1a 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00 ...@............
backtrace:
[<00000000e25b5abe>] kmemleak_alloc_recursive include/linux/kmemleak.h:55 [inline]
[<00000000e25b5abe>] slab_post_alloc_hook mm/slab.h:439 [inline]
[<00000000e25b5abe>] slab_alloc mm/slab.c:3326 [inline]
[<00000000e25b5abe>] __do_kmalloc mm/slab.c:3658 [inline]
[<00000000e25b5abe>] __kmalloc+0x161/0x2c0 mm/slab.c:3669
[<00000000a1ae188a>] kmalloc include/linux/slab.h:552 [inline]
[<00000000a1ae188a>] sk_prot_alloc+0xd6/0x170 net/core/sock.c:1608
[<00000000ded25bbe>] sk_alloc+0x35/0x2f0 net/core/sock.c:1662
[<000000002ecae075>] llc_sk_alloc+0x35/0x170 net/llc/llc_conn.c:950
[<00000000551f7c47>] llc_ui_create+0x7b/0x140 net/llc/af_llc.c:173
[<0000000029027f0e>] __sock_create+0x164/0x250 net/socket.c:1430
[<000000008bdec225>] sock_create net/socket.c:1481 [inline]
[<000000008bdec225>] __sys_socket+0x69/0x110 net/socket.c:1523
[<00000000b6439228>] __do_sys_socket net/socket.c:1532 [inline]
[<00000000b6439228>] __se_sys_socket net/socket.c:1530 [inline]
[<00000000b6439228>] __x64_sys_socket+0x1e/0x30 net/socket.c:1530
[<00000000cec820c1>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
[<000000000c32554f>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
BUG: memory leak
unreferenced object 0xffff88811d750d00 (size 224):
comm "syz-executor907", pid 7074, jiffies 4294943781 (age 8.600s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 f0 0c 24 81 88 ff ff 00 68 2b 20 81 88 ff ff ...$.....h+ ....
backtrace:
[<0000000053026172>] kmemleak_alloc_recursive include/linux/kmemleak.h:55 [inline]
[<0000000053026172>] slab_post_alloc_hook mm/slab.h:439 [inline]
[<0000000053026172>] slab_alloc_node mm/slab.c:3269 [inline]
[<0000000053026172>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
[<00000000fa8f3c30>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:198
[<00000000d96fdafb>] alloc_skb include/linux/skbuff.h:1058 [inline]
[<00000000d96fdafb>] alloc_skb_with_frags+0x5f/0x250 net/core/skbuff.c:5327
[<000000000a34a2e7>] sock_alloc_send_pskb+0x269/0x2a0 net/core/sock.c:2225
[<00000000ee39999b>] sock_alloc_send_skb+0x32/0x40 net/core/sock.c:2242
[<00000000e034d810>] llc_ui_sendmsg+0x10a/0x540 net/llc/af_llc.c:933
[<00000000c0bc8445>] sock_sendmsg_nosec net/socket.c:652 [inline]
[<00000000c0bc8445>] sock_sendmsg+0x54/0x70 net/socket.c:671
[<000000003b687167>] __sys_sendto+0x148/0x1f0 net/socket.c:1964
[<00000000922d78d9>] __do_sys_sendto net/socket.c:1976 [inline]
[<00000000922d78d9>] __se_sys_sendto net/socket.c:1972 [inline]
[<00000000922d78d9>] __x64_sys_sendto+0x2a/0x30 net/socket.c:1972
[<00000000cec820c1>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
[<000000000c32554f>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/llc/llc_output.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/llc/llc_output.c b/net/llc/llc_output.c
index 94425e421213..9e4b6bcf6920 100644
--- a/net/llc/llc_output.c
+++ b/net/llc/llc_output.c
@@ -72,6 +72,8 @@ int llc_build_and_send_ui_pkt(struct llc_sap *sap, struct sk_buff *skb,
rc = llc_mac_hdr_init(skb, skb->dev->dev_addr, dmac);
if (likely(!rc))
rc = dev_queue_xmit(skb);
+ else
+ kfree_skb(skb);
return rc;
}
--
2.20.1
From 54c3ef00f4fd7a0a11f12ee474b83733953767a2 Mon Sep 17 00:00:00 2001
From: Jiri Pirko <jiri@mellanox.com>
Date: Wed, 29 May 2019 10:59:44 +0300
Subject: [PATCH 09/33] mlxsw: spectrum_acl: Avoid warning after identical
rules insertion
[ Upstream commit ef74422020aa8c224b00a927e3e47faac4d8fae3 ]
When identical rules are inserted, the latter one goes to C-TCAM. For
that, a second eRP with the same mask is created. These 2 eRPs by the
nature cannot be merged and also one cannot be parent of another.
Teach mlxsw_sp_acl_erp_delta_fill() about this possibility and handle it
gracefully.
Reported-by: Alex Kushnarov <alexanderk@mellanox.com>
Fixes: c22291f7cf45 ("mlxsw: spectrum: acl: Implement delta for ERP")
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
.../net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c
index 2941967e1cc5..2e5ebcd01b4b 100644
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c
@@ -1169,13 +1169,12 @@ mlxsw_sp_acl_erp_delta_fill(const struct mlxsw_sp_acl_erp_key *parent_key,
return -EINVAL;
}
if (si == -1) {
- /* The masks are the same, this cannot happen.
- * That means the caller is broken.
+ /* The masks are the same, this can happen in case eRPs with
+ * the same mask were created in both A-TCAM and C-TCAM.
+ * The only possible condition under which this can happen
+ * is identical rule insertion. Delta is not possible here.
*/
- WARN_ON(1);
- *delta_start = 0;
- *delta_mask = 0;
- return 0;
+ return -EINVAL;
}
pmask = (unsigned char) parent_key->mask[__MASK_IDX(si)];
mask = (unsigned char) key->mask[__MASK_IDX(si)];
--
2.20.1
From e51c02ac318957b4dd2bbd178097236a6676792a Mon Sep 17 00:00:00 2001
From: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Date: Wed, 29 May 2019 07:02:11 +0000
Subject: [PATCH 10/33] net: dsa: mv88e6xxx: fix handling of upper half of
STATS_TYPE_PORT
[ Upstream commit 84b3fd1fc9592d431e23b077e692fa4e3fd0f086 ]
Currently, the upper half of a 4-byte STATS_TYPE_PORT statistic ends
up in bits 47:32 of the return value, instead of bits 31:16 as they
should.
Fixes: 6e46e2d821bb ("net: dsa: mv88e6xxx: Fix u64 statistics")
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Vivien Didelot <vivien.didelot@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/dsa/mv88e6xxx/chip.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c
index 6cba05a80892..5a81ce42b808 100644
--- a/drivers/net/dsa/mv88e6xxx/chip.c
+++ b/drivers/net/dsa/mv88e6xxx/chip.c
@@ -892,7 +892,7 @@ static uint64_t _mv88e6xxx_get_ethtool_stat(struct mv88e6xxx_chip *chip,
err = mv88e6xxx_port_read(chip, port, s->reg + 1, ®);
if (err)
return U64_MAX;
- high = reg;
+ low |= ((u32)reg) << 16;
}
break;
case STATS_TYPE_BANK1:
--
2.20.1
From 02cf540a082bdd03b1c080b2df2d6a6ad1cddc1a Mon Sep 17 00:00:00 2001
From: Andy Duan <fugang.duan@nxp.com>
Date: Thu, 23 May 2019 01:55:28 +0000
Subject: [PATCH 11/33] net: fec: fix the clk mismatch in failed_reset path
[ Upstream commit ce8d24f9a5965a58c588f9342689702a1024433c ]
Fix the clk mismatch in the error path "failed_reset" because
below error path will disable clk_ahb and clk_ipg directly, it
should use pm_runtime_put_noidle() instead of pm_runtime_put()
to avoid to call runtime resume callback.
Reported-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Fugang Duan <fugang.duan@nxp.com>
Tested-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/ethernet/freescale/fec_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/freescale/fec_main.c b/drivers/net/ethernet/freescale/fec_main.c
index a96ad20ee484..878ccce1dfcd 100644
--- a/drivers/net/ethernet/freescale/fec_main.c
+++ b/drivers/net/ethernet/freescale/fec_main.c
@@ -3556,7 +3556,7 @@ fec_probe(struct platform_device *pdev)
if (fep->reg_phy)
regulator_disable(fep->reg_phy);
failed_reset:
- pm_runtime_put(&pdev->dev);
+ pm_runtime_put_noidle(&pdev->dev);
pm_runtime_disable(&pdev->dev);
failed_regulator:
clk_disable_unprepare(fep->clk_ahb);
--
2.20.1
From 49c896093219b9d5fccad9946618100da86cb53b Mon Sep 17 00:00:00 2001
From: Eric Dumazet <edumazet@google.com>
Date: Wed, 29 May 2019 15:36:10 -0700
Subject: [PATCH 12/33] net-gro: fix use-after-free read in napi_gro_frags()
[ Upstream commit a4270d6795b0580287453ea55974d948393e66ef ]
If a network driver provides to napi_gro_frags() an
skb with a page fragment of exactly 14 bytes, the call
to gro_pull_from_frag0() will 'consume' the fragment
by calling skb_frag_unref(skb, 0), and the page might
be freed and reused.
Reading eth->h_proto at the end of napi_frags_skb() might
read mangled data, or crash under specific debugging features.
BUG: KASAN: use-after-free in napi_frags_skb net/core/dev.c:5833 [inline]
BUG: KASAN: use-after-free in napi_gro_frags+0xc6f/0xd10 net/core/dev.c:5841
Read of size 2 at addr ffff88809366840c by task syz-executor599/8957
CPU: 1 PID: 8957 Comm: syz-executor599 Not tainted 5.2.0-rc1+ #32
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x172/0x1f0 lib/dump_stack.c:113
print_address_description.cold+0x7c/0x20d mm/kasan/report.c:188
__kasan_report.cold+0x1b/0x40 mm/kasan/report.c:317
kasan_report+0x12/0x20 mm/kasan/common.c:614
__asan_report_load_n_noabort+0xf/0x20 mm/kasan/generic_report.c:142
napi_frags_skb net/core/dev.c:5833 [inline]
napi_gro_frags+0xc6f/0xd10 net/core/dev.c:5841
tun_get_user+0x2f3c/0x3ff0 drivers/net/tun.c:1991
tun_chr_write_iter+0xbd/0x156 drivers/net/tun.c:2037
call_write_iter include/linux/fs.h:1872 [inline]
do_iter_readv_writev+0x5f8/0x8f0 fs/read_write.c:693
do_iter_write fs/read_write.c:970 [inline]
do_iter_write+0x184/0x610 fs/read_write.c:951
vfs_writev+0x1b3/0x2f0 fs/read_write.c:1015
do_writev+0x15b/0x330 fs/read_write.c:1058
Fixes: a50e233c50db ("net-gro: restore frag0 optimization")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/core/dev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/core/dev.c b/net/core/dev.c
index c8e672ac32cb..a8d017035ae9 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -5804,7 +5804,6 @@ static struct sk_buff *napi_frags_skb(struct napi_struct *napi)
skb_reset_mac_header(skb);
skb_gro_reset_offset(skb);
- eth = skb_gro_header_fast(skb, 0);
if (unlikely(skb_gro_header_hard(skb, hlen))) {
eth = skb_gro_header_slow(skb, hlen, 0);
if (unlikely(!eth)) {
@@ -5814,6 +5813,7 @@ static struct sk_buff *napi_frags_skb(struct napi_struct *napi)
return NULL;
}
} else {
+ eth = (const struct ethhdr *)skb->data;
gro_pull_from_frag0(skb, hlen);
NAPI_GRO_CB(skb)->frag0 += hlen;
NAPI_GRO_CB(skb)->frag0_len -= hlen;
--
2.20.1
From 9365db5aef61784eca1b754d9908bca159e8049e Mon Sep 17 00:00:00 2001
From: Jisheng Zhang <Jisheng.Zhang@synaptics.com>
Date: Mon, 27 May 2019 11:04:17 +0000
Subject: [PATCH 13/33] net: mvneta: Fix err code path of probe
[ Upstream commit d484e06e25ebb937d841dac02ac1fe76ec7d4ddd ]
Fix below issues in err code path of probe:
1. we don't need to unregister_netdev() because the netdev isn't
registered.
2. when register_netdev() fails, we also need to destroy bm pool for
HWBM case.
Fixes: dc35a10f68d3 ("net: mvneta: bm: add support for hardware buffer management")
Signed-off-by: Jisheng Zhang <Jisheng.Zhang@synaptics.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/ethernet/marvell/mvneta.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/marvell/mvneta.c b/drivers/net/ethernet/marvell/mvneta.c
index 8433fb9c3eee..ea0236a2e18b 100644
--- a/drivers/net/ethernet/marvell/mvneta.c
+++ b/drivers/net/ethernet/marvell/mvneta.c
@@ -4619,7 +4619,7 @@ static int mvneta_probe(struct platform_device *pdev)
err = register_netdev(dev);
if (err < 0) {
dev_err(&pdev->dev, "failed to register\n");
- goto err_free_stats;
+ goto err_netdev;
}
netdev_info(dev, "Using %s mac address %pM\n", mac_from,
@@ -4630,14 +4630,12 @@ static int mvneta_probe(struct platform_device *pdev)
return 0;
err_netdev:
- unregister_netdev(dev);
if (pp->bm_priv) {
mvneta_bm_pool_destroy(pp->bm_priv, pp->pool_long, 1 << pp->id);
mvneta_bm_pool_destroy(pp->bm_priv, pp->pool_short,
1 << pp->id);
mvneta_bm_put(pp->bm_priv);
}
-err_free_stats:
free_percpu(pp->stats);
err_free_ports:
free_percpu(pp->ports);
--
2.20.1
From 6174e5e7eee71b7c3017ceb2317b3e2cd4fd3d1e Mon Sep 17 00:00:00 2001
From: Antoine Tenart <antoine.tenart@bootlin.com>
Date: Wed, 29 May 2019 15:59:48 +0200
Subject: [PATCH 14/33] net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG
queue value
[ Upstream commit 21808437214637952b61beaba6034d97880fbeb3 ]
MVPP2_TXQ_SCHED_TOKEN_CNTR_REG() expects the logical queue id but
the current code is passing the global tx queue offset, so it ends
up writing to unknown registers (between 0x8280 and 0x82fc, which
seemed to be unused by the hardware). This fixes the issue by using
the logical queue id instead.
Fixes: 3f518509dedc ("ethernet: Add new driver for Marvell Armada 375 network unit")
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c b/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c
index 70031e2b2294..f063ba69eb17 100644
--- a/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c
+++ b/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c
@@ -1412,7 +1412,7 @@ static inline void mvpp2_xlg_max_rx_size_set(struct mvpp2_port *port)
/* Set defaults to the MVPP2 port */
static void mvpp2_defaults_set(struct mvpp2_port *port)
{
- int tx_port_num, val, queue, ptxq, lrxq;
+ int tx_port_num, val, queue, lrxq;
if (port->priv->hw_version == MVPP21) {
/* Update TX FIFO MIN Threshold */
@@ -1433,11 +1433,9 @@ static void mvpp2_defaults_set(struct mvpp2_port *port)
mvpp2_write(port->priv, MVPP2_TXP_SCHED_FIXED_PRIO_REG, 0);
/* Close bandwidth for all queues */
- for (queue = 0; queue < MVPP2_MAX_TXQ; queue++) {
- ptxq = mvpp2_txq_phys(port->id, queue);
+ for (queue = 0; queue < MVPP2_MAX_TXQ; queue++)
mvpp2_write(port->priv,
- MVPP2_TXQ_SCHED_TOKEN_CNTR_REG(ptxq), 0);
- }
+ MVPP2_TXQ_SCHED_TOKEN_CNTR_REG(queue), 0);
/* Set refill period to 1 usec, refill tokens
* and bucket size to maximum
@@ -2293,7 +2291,7 @@ static void mvpp2_txq_deinit(struct mvpp2_port *port,
txq->descs_dma = 0;
/* Set minimum bandwidth for disabled TXQs */
- mvpp2_write(port->priv, MVPP2_TXQ_SCHED_TOKEN_CNTR_REG(txq->id), 0);
+ mvpp2_write(port->priv, MVPP2_TXQ_SCHED_TOKEN_CNTR_REG(txq->log_id), 0);
/* Set Tx descriptors queue starting address and size */
thread = mvpp2_cpu_to_thread(port->priv, get_cpu());
--
2.20.1
From 74518887348b399cbd01525bec3ac91e711bd94a Mon Sep 17 00:00:00 2001
From: Russell King <rmk+kernel@armlinux.org.uk>
Date: Tue, 28 May 2019 10:34:42 +0100
Subject: [PATCH 15/33] net: phy: marvell10g: report if the PHY fails to boot
firmware
[ Upstream commit 3d3ced2ec5d71b99d72ae6910fbdf890bc2eccf0 ]
Some boards do not have the PHY firmware programmed in the 3310's flash,
which leads to the PHY not working as expected. Warn the user when the
PHY fails to boot the firmware and refuse to initialise.
Fixes: 20b2af32ff3f ("net: phy: add Marvell Alaska X 88X3310 10Gigabit PHY support")
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Tested-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/phy/marvell10g.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/drivers/net/phy/marvell10g.c b/drivers/net/phy/marvell10g.c
index 6bac602094bd..8438f2f40d3d 100644
--- a/drivers/net/phy/marvell10g.c
+++ b/drivers/net/phy/marvell10g.c
@@ -29,6 +29,9 @@
#define MDIO_AN_10GBT_CTRL_ADV_NBT_MASK 0x01e0
enum {
+ MV_PMA_BOOT = 0xc050,
+ MV_PMA_BOOT_FATAL = BIT(0),
+
MV_PCS_BASE_T = 0x0000,
MV_PCS_BASE_R = 0x1000,
MV_PCS_1000BASEX = 0x2000,
@@ -228,6 +231,16 @@ static int mv3310_probe(struct phy_device *phydev)
(phydev->c45_ids.devices_in_package & mmd_mask) != mmd_mask)
return -ENODEV;
+ ret = phy_read_mmd(phydev, MDIO_MMD_PMAPMD, MV_PMA_BOOT);
+ if (ret < 0)
+ return ret;
+
+ if (ret & MV_PMA_BOOT_FATAL) {
+ dev_warn(&phydev->mdio.dev,
+ "PHY failed to boot firmware, status=%04x\n", ret);
+ return -ENODEV;
+ }
+
priv = devm_kzalloc(&phydev->mdio.dev, sizeof(*priv), GFP_KERNEL);
if (!priv)
return -ENOMEM;
--
2.20.1
From e8610583542287ebe56b0fe26d89a0aeb66c429d Mon Sep 17 00:00:00 2001
From: Vlad Buslov <vladbu@mellanox.com>
Date: Thu, 23 May 2019 09:32:31 +0300
Subject: [PATCH 16/33] net: sched: don't use tc_action->order during action
dump
[ Upstream commit 4097e9d250fb17958c1d9b94538386edd3f20144 ]
Function tcf_action_dump() relies on tc_action->order field when starting
nested nla to send action data to userspace. This approach breaks in
several cases:
- When multiple filters point to same shared action, tc_action->order field
is overwritten each time it is attached to filter. This causes filter
dump to output action with incorrect attribute for all filters that have
the action in different position (different order) from the last set
tc_action->order value.
- When action data is displayed using tc action API (RTM_GETACTION), action
order is overwritten by tca_action_gd() according to its position in
resulting array of nl attributes, which will break filter dump for all
filters attached to that shared action that expect it to have different
order value.
Don't rely on tc_action->order when dumping actions. Set nla according to
action position in resulting array of actions instead.
Signed-off-by: Vlad Buslov <vladbu@mellanox.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/sched/act_api.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/net/sched/act_api.c b/net/sched/act_api.c
index d4b8355737d8..9d4ed81a33b9 100644
--- a/net/sched/act_api.c
+++ b/net/sched/act_api.c
@@ -766,7 +766,7 @@ int tcf_action_dump(struct sk_buff *skb, struct tc_action *actions[],
for (i = 0; i < TCA_ACT_MAX_PRIO && actions[i]; i++) {
a = actions[i];
- nest = nla_nest_start(skb, a->order);
+ nest = nla_nest_start(skb, i + 1);
if (nest == NULL)
goto nla_put_failure;
err = tcf_action_dump_1(skb, a, bind, ref);
@@ -1283,7 +1283,6 @@ tca_action_gd(struct net *net, struct nlattr *nla, struct nlmsghdr *n,
ret = PTR_ERR(act);
goto err;
}
- act->order = i;
attr_size += tcf_action_fill_size(act);
actions[i - 1] = act;
}
--
2.20.1
From 7eeb66e5418ed1943c7851400aa2e34a156eef75 Mon Sep 17 00:00:00 2001
From: Jisheng Zhang <Jisheng.Zhang@synaptics.com>
Date: Wed, 22 May 2019 10:05:09 +0000
Subject: [PATCH 17/33] net: stmmac: fix reset gpio free missing
[ Upstream commit 49ce881c0d4c4a7a35358d9dccd5f26d0e56fc61 ]
Commit 984203ceff27 ("net: stmmac: mdio: remove reset gpio free")
removed the reset gpio free, when the driver is unbinded or rmmod,
we miss the gpio free.
This patch uses managed API to request the reset gpio, so that the
gpio could be freed properly.
Fixes: 984203ceff27 ("net: stmmac: mdio: remove reset gpio free")
Signed-off-by: Jisheng Zhang <Jisheng.Zhang@synaptics.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c
index bdd351597b55..093a223fe408 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c
@@ -267,7 +267,8 @@ int stmmac_mdio_reset(struct mii_bus *bus)
of_property_read_u32_array(np,
"snps,reset-delays-us", data->delays, 3);
- if (gpio_request(data->reset_gpio, "mdio-reset"))
+ if (devm_gpio_request(priv->device, data->reset_gpio,
+ "mdio-reset"))
return 0;
}
--
2.20.1
From d5bd0eb1f212c51ac2c1fcb638fc44c43cc2ec6e Mon Sep 17 00:00:00 2001
From: Heiner Kallweit <hkallweit1@gmail.com>
Date: Wed, 29 May 2019 07:44:01 +0200
Subject: [PATCH 18/33] r8169: fix MAC address being lost in PCI D3
[ Upstream commit 59715171fbd0172a579576f46821031800a63bc5 ]
(At least) RTL8168e forgets its MAC address in PCI D3. To fix this set
the MAC address when resuming. For resuming from runtime-suspend we
had this in place already, for resuming from S3/S5 it was missing.
The commit referenced as being fixed isn't wrong, it's just the first
one where the patch applies cleanly.
Fixes: 0f07bd850d36 ("r8169: use dev_get_drvdata where possible")
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Reported-by: Albert Astals Cid <aacid@kde.org>
Tested-by: Albert Astals Cid <aacid@kde.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/ethernet/realtek/r8169.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c
index 365cddbfc684..cb65f6a48eba 100644
--- a/drivers/net/ethernet/realtek/r8169.c
+++ b/drivers/net/ethernet/realtek/r8169.c
@@ -6814,6 +6814,8 @@ static int rtl8169_resume(struct device *device)
struct net_device *dev = dev_get_drvdata(device);
struct rtl8169_private *tp = netdev_priv(dev);
+ rtl_rar_set(tp, dev->dev_addr);
+
clk_prepare_enable(tp->clk);
if (netif_running(dev))
@@ -6847,6 +6849,7 @@ static int rtl8169_runtime_resume(struct device *device)
{
struct net_device *dev = dev_get_drvdata(device);
struct rtl8169_private *tp = netdev_priv(dev);
+
rtl_rar_set(tp, dev->dev_addr);
if (!tp->TxDescArray)
--
2.20.1
From 3f8b1345a2e7dc8e4cb1d6bc83ab80e5e7951bd7 Mon Sep 17 00:00:00 2001
From: Kloetzke Jan <Jan.Kloetzke@preh.de>
Date: Tue, 21 May 2019 13:18:40 +0000
Subject: [PATCH 19/33] usbnet: fix kernel crash after disconnect
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
[ Upstream commit ad70411a978d1e6e97b1e341a7bde9a79af0c93d ]
When disconnecting cdc_ncm the kernel sporadically crashes shortly
after the disconnect:
[ 57.868812] Unable to handle kernel NULL pointer dereference at virtual address 00000000
...
[ 58.006653] PC is at 0x0
[ 58.009202] LR is at call_timer_fn+0xec/0x1b4
[ 58.013567] pc : [<0000000000000000>] lr : [<ffffff80080f5130>] pstate: 00000145
[ 58.020976] sp : ffffff8008003da0
[ 58.024295] x29: ffffff8008003da0 x28: 0000000000000001
[ 58.029618] x27: 000000000000000a x26: 0000000000000100
[ 58.034941] x25: 0000000000000000 x24: ffffff8008003e68
[ 58.040263] x23: 0000000000000000 x22: 0000000000000000
[ 58.045587] x21: 0000000000000000 x20: ffffffc68fac1808
[ 58.050910] x19: 0000000000000100 x18: 0000000000000000
[ 58.056232] x17: 0000007f885aff8c x16: 0000007f883a9f10
[ 58.061556] x15: 0000000000000001 x14: 000000000000006e
[ 58.066878] x13: 0000000000000000 x12: 00000000000000ba
[ 58.072201] x11: ffffffc69ff1db30 x10: 0000000000000020
[ 58.077524] x9 : 8000100008001000 x8 : 0000000000000001
[ 58.082847] x7 : 0000000000000800 x6 : ffffff8008003e70
[ 58.088169] x5 : ffffffc69ff17a28 x4 : 00000000ffff138b
[ 58.093492] x3 : 0000000000000000 x2 : 0000000000000000
[ 58.098814] x1 : 0000000000000000 x0 : 0000000000000000
...
[ 58.205800] [< (null)>] (null)
[ 58.210521] [<ffffff80080f5298>] expire_timers+0xa0/0x14c
[ 58.215937] [<ffffff80080f542c>] run_timer_softirq+0xe8/0x128
[ 58.221702] [<ffffff8008081120>] __do_softirq+0x298/0x348
[ 58.227118] [<ffffff80080a6304>] irq_exit+0x74/0xbc
[ 58.232009] [<ffffff80080e17dc>] __handle_domain_irq+0x78/0xac
[ 58.237857] [<ffffff8008080cf4>] gic_handle_irq+0x80/0xac
...
The crash happens roughly 125..130ms after the disconnect. This
correlates with the 'delay' timer that is started on certain USB tx/rx
errors in the URB completion handler.
The problem is a race of usbnet_stop() with usbnet_start_xmit(). In
usbnet_stop() we call usbnet_terminate_urbs() to cancel all URBs in
flight. This only makes sense if no new URBs are submitted
concurrently, though. But the usbnet_start_xmit() can run at the same
time on another CPU which almost unconditionally submits an URB. The
error callback of the new URB will then schedule the timer after it was
already stopped.
The fix adds a check if the tx queue is stopped after the tx list lock
has been taken. This should reliably prevent the submission of new URBs
while usbnet_terminate_urbs() does its job. The same thing is done on
the rx side even though it might be safe due to other flags that are
checked there.
Signed-off-by: Jan Klötzke <Jan.Kloetzke@preh.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/usb/usbnet.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c
index 504282af27e5..921cc0571bd0 100644
--- a/drivers/net/usb/usbnet.c
+++ b/drivers/net/usb/usbnet.c
@@ -506,6 +506,7 @@ static int rx_submit (struct usbnet *dev, struct urb *urb, gfp_t flags)
if (netif_running (dev->net) &&
netif_device_present (dev->net) &&
+ test_bit(EVENT_DEV_OPEN, &dev->flags) &&
!test_bit (EVENT_RX_HALT, &dev->flags) &&
!test_bit (EVENT_DEV_ASLEEP, &dev->flags)) {
switch (retval = usb_submit_urb (urb, GFP_ATOMIC)) {
@@ -1431,6 +1432,11 @@ netdev_tx_t usbnet_start_xmit (struct sk_buff *skb,
spin_unlock_irqrestore(&dev->txq.lock, flags);
goto drop;
}
+ if (netif_queue_stopped(net)) {
+ usb_autopm_put_interface_async(dev->intf);
+ spin_unlock_irqrestore(&dev->txq.lock, flags);
+ goto drop;
+ }
#ifdef CONFIG_PM
/* if this triggers the device is still a sleep */
--
2.20.1
From deef0846f089d059bbbb0e324fb349ca80c22d3b Mon Sep 17 00:00:00 2001
From: Parav Pandit <parav@mellanox.com>
Date: Fri, 10 May 2019 10:26:23 -0500
Subject: [PATCH 20/33] net/mlx5: Avoid double free in fs init error unwinding
path
[ Upstream commit 9414277a5df3669c67e818708c0f881597e0118e ]
In below code flow, for ingress acl table root ns memory leads
to double free.
mlx5_init_fs
init_ingress_acls_root_ns()
init_ingress_acl_root_ns
kfree(steering->esw_ingress_root_ns);
/* steering->esw_ingress_root_ns is not marked NULL */
mlx5_cleanup_fs
cleanup_ingress_acls_root_ns
steering->esw_ingress_root_ns non NULL check passes.
kfree(steering->esw_ingress_root_ns);
/* double free */
Similar issue exist for other tables.
Hence zero out the pointers to not process the table again.
Fixes: 9b93ab981e3bf ("net/mlx5: Separate ingress/egress namespaces for each vport")
Fixes: 40c3eebb49e51 ("net/mlx5: Add support in RDMA RX steering")
Signed-off-by: Parav Pandit <parav@mellanox.com>
Reviewed-by: Mark Bloch <markb@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
---
drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
index abbdd4906984..a49fc4fab3fa 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
@@ -2390,6 +2390,7 @@ static void cleanup_egress_acls_root_ns(struct mlx5_core_dev *dev)
cleanup_root_ns(steering->esw_egress_root_ns[i]);
kfree(steering->esw_egress_root_ns);
+ steering->esw_egress_root_ns = NULL;
}
static void cleanup_ingress_acls_root_ns(struct mlx5_core_dev *dev)
@@ -2404,6 +2405,7 @@ static void cleanup_ingress_acls_root_ns(struct mlx5_core_dev *dev)
cleanup_root_ns(steering->esw_ingress_root_ns[i]);
kfree(steering->esw_ingress_root_ns);
+ steering->esw_ingress_root_ns = NULL;
}
void mlx5_cleanup_fs(struct mlx5_core_dev *dev)
@@ -2572,6 +2574,7 @@ static int init_egress_acls_root_ns(struct mlx5_core_dev *dev)
for (i--; i >= 0; i--)
cleanup_root_ns(steering->esw_egress_root_ns[i]);
kfree(steering->esw_egress_root_ns);
+ steering->esw_egress_root_ns = NULL;
return err;
}
@@ -2599,6 +2602,7 @@ static int init_ingress_acls_root_ns(struct mlx5_core_dev *dev)
for (i--; i >= 0; i--)
cleanup_root_ns(steering->esw_ingress_root_ns[i]);
kfree(steering->esw_ingress_root_ns);
+ steering->esw_ingress_root_ns = NULL;
return err;
}
--
2.20.1
From 59e3e2ad147017fb535228a330bcd15d91eac8db Mon Sep 17 00:00:00 2001
From: Chris Packham <chris.packham@alliedtelesis.co.nz>
Date: Mon, 20 May 2019 15:45:36 +1200
Subject: [PATCH 21/33] tipc: Avoid copying bytes beyond the supplied data
TLV_SET is called with a data pointer and a len parameter that tells us
how many bytes are pointed to by data. When invoking memcpy() we need
to careful to only copy len bytes.
Previously we would copy TLV_LENGTH(len) bytes which would copy an extra
4 bytes past the end of the data pointer which newer GCC versions
complain about.
In file included from test.c:17:
In function 'TLV_SET',
inlined from 'test' at test.c:186:5:
/usr/include/linux/tipc_config.h:317:3:
warning: 'memcpy' forming offset [33, 36] is out of the bounds [0, 32]
of object 'bearer_name' with type 'char[32]' [-Warray-bounds]
memcpy(TLV_DATA(tlv_ptr), data, tlv_len);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
test.c: In function 'test':
test.c::161:10: note:
'bearer_name' declared here
char bearer_name[TIPC_MAX_BEARER_NAME];
^~~~~~~~~~~
We still want to ensure any padding bytes at the end are initialised, do
this with a explicit memset() rather than copy bytes past the end of
data. Apply the same logic to TCM_SET.
Signed-off-by: Chris Packham <chris.packham@alliedtelesis.co.nz>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
include/uapi/linux/tipc_config.h | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/include/uapi/linux/tipc_config.h b/include/uapi/linux/tipc_config.h
index 4b2c93b1934c..4955e1a9f1bc 100644
--- a/include/uapi/linux/tipc_config.h
+++ b/include/uapi/linux/tipc_config.h
@@ -307,8 +307,10 @@ static inline int TLV_SET(void *tlv, __u16 type, void *data, __u16 len)
tlv_ptr = (struct tlv_desc *)tlv;
tlv_ptr->tlv_type = htons(type);
tlv_ptr->tlv_len = htons(tlv_len);
- if (len && data)
- memcpy(TLV_DATA(tlv_ptr), data, tlv_len);
+ if (len && data) {
+ memcpy(TLV_DATA(tlv_ptr), data, len);
+ memset(TLV_DATA(tlv_ptr) + len, 0, TLV_SPACE(len) - tlv_len);
+ }
return TLV_SPACE(len);
}
@@ -405,8 +407,10 @@ static inline int TCM_SET(void *msg, __u16 cmd, __u16 flags,
tcm_hdr->tcm_len = htonl(msg_len);
tcm_hdr->tcm_type = htons(cmd);
tcm_hdr->tcm_flags = htons(flags);
- if (data_len && data)
+ if (data_len && data) {
memcpy(TCM_DATA(msg), data, data_len);
+ memset(TCM_DATA(msg) + data_len, 0, TCM_SPACE(data_len) - msg_len);
+ }
return TCM_SPACE(data_len);
}
--
2.20.1
From 53e081d0ab3481dbd5c3ddb5d09a855874dbe035 Mon Sep 17 00:00:00 2001
From: Parav Pandit <parav@mellanox.com>
Date: Fri, 10 May 2019 10:40:08 -0500
Subject: [PATCH 22/33] net/mlx5: Allocate root ns memory using kzalloc to
match kfree
[ Upstream commit 25fa506b70cadb580c1e9cbd836d6417276d4bcd ]
root ns is yet another fs core node which is freed using kfree() by
tree_put_node().
Rest of the other fs core objects are also allocated using kmalloc
variants.
However, root ns memory is allocated using kvzalloc().
Hence allocate root ns memory using kzalloc().
Fixes: 2530236303d9e ("net/mlx5_core: Flow steering tree initialization")
Signed-off-by: Parav Pandit <parav@mellanox.com>
Reviewed-by: Daniel Jurgens <danielj@mellanox.com>
Reviewed-by: Mark Bloch <markb@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
---
drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
index a49fc4fab3fa..158b941ae911 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
@@ -2247,7 +2247,7 @@ static struct mlx5_flow_root_namespace
cmds = mlx5_fs_cmd_get_default_ipsec_fpga_cmds(table_type);
/* Create the root namespace */
- root_ns = kvzalloc(sizeof(*root_ns), GFP_KERNEL);
+ root_ns = kzalloc(sizeof(*root_ns), GFP_KERNEL);
if (!root_ns)
return NULL;
--
2.20.1
From 28892bcc5014d9afee4364c05355791233104ad8 Mon Sep 17 00:00:00 2001
From: Saeed Mahameed <saeedm@mellanox.com>
Date: Thu, 23 May 2019 12:55:10 -0700
Subject: [PATCH 23/33] net/mlx5e: Disable rxhash when CQE compress is enabled
[ Upstream commit c0194e2d0ef0e5ce5e21a35640d23a706827ae28 ]
When CQE compression is enabled (Multi-host systems), compressed CQEs
might arrive to the driver rx, compressed CQEs don't have a valid hash
offload and the driver already reports a hash value of 0 and invalid hash
type on the skb for compressed CQEs, but this is not good enough.
On a congested PCIe, where CQE compression will kick in aggressively,
gro will deliver lots of out of order packets due to the invalid hash
and this might cause a serious performance drop.
The only valid solution, is to disable rxhash offload at all when CQE
compression is favorable (Multi-host systems).
Fixes: 7219ab34f184 ("net/mlx5e: CQE compression")
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
---
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
index 2d269acdbc8e..631a600bec4d 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
@@ -3789,6 +3789,12 @@ static netdev_features_t mlx5e_fix_features(struct net_device *netdev,
netdev_warn(netdev, "Disabling LRO, not supported in legacy RQ\n");
}
+ if (MLX5E_GET_PFLAG(params, MLX5E_PFLAG_RX_CQE_COMPRESS)) {
+ features &= ~NETIF_F_RXHASH;
+ if (netdev->features & NETIF_F_RXHASH)
+ netdev_warn(netdev, "Disabling rxhash, not supported when CQE compress is active\n");
+ }
+
mutex_unlock(&priv->state_lock);
return features;
@@ -3915,6 +3921,9 @@ int mlx5e_hwstamp_set(struct mlx5e_priv *priv, struct ifreq *ifr)
memcpy(&priv->tstamp, &config, sizeof(config));
mutex_unlock(&priv->state_lock);
+ /* might need to fix some features */
+ netdev_update_features(priv->netdev);
+
return copy_to_user(ifr->ifr_data, &config,
sizeof(config)) ? -EFAULT : 0;
}
@@ -4744,6 +4753,10 @@ static void mlx5e_build_nic_netdev(struct net_device *netdev)
if (!priv->channels.params.scatter_fcs_en)
netdev->features &= ~NETIF_F_RXFCS;
+ /* prefere CQE compression over rxhash */
+ if (MLX5E_GET_PFLAG(&priv->channels.params, MLX5E_PFLAG_RX_CQE_COMPRESS))
+ netdev->features &= ~NETIF_F_RXHASH;
+
#define FT_CAP(f) MLX5_CAP_FLOWTABLE(mdev, flow_table_properties_nic_receive.f)
if (FT_CAP(flow_modify_en) &&
FT_CAP(modify_root) &&
--
2.20.1
From fcf0ea5c2e979123ba7fa90b072ad7092ed56848 Mon Sep 17 00:00:00 2001
From: "Tan, Tee Min" <tee.min.tan@intel.com>
Date: Tue, 21 May 2019 12:55:42 +0800
Subject: [PATCH 24/33] net: stmmac: fix ethtool flow control not able to
get/set
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Currently ethtool was not able to get/set the flow control due to a
missing "!". It will always return -EOPNOTSUPP even the device is
flow control supported.
This patch fixes the condition check for ethtool flow control get/set
function for ETHTOOL_LINK_MODE_Asym_Pause_BIT.
Fixes: 3c1bcc8614db (“net: ethernet: Convert phydev advertize and supported from u32 to link mode”)
Signed-off-by: Tan, Tee Min <tee.min.tan@intel.com>
Reviewed-by: Ong Boon Leong <boon.leong.ong@intel.com>
Signed-off-by: Voon, Weifeng <weifeng.voon@intel.com@intel.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c
index 3c749c327cbd..e09522c5509a 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c
@@ -460,7 +460,7 @@ stmmac_get_pauseparam(struct net_device *netdev,
} else {
if (!linkmode_test_bit(ETHTOOL_LINK_MODE_Pause_BIT,
netdev->phydev->supported) ||
- linkmode_test_bit(ETHTOOL_LINK_MODE_Asym_Pause_BIT,
+ !linkmode_test_bit(ETHTOOL_LINK_MODE_Asym_Pause_BIT,
netdev->phydev->supported))
return;
}
@@ -491,7 +491,7 @@ stmmac_set_pauseparam(struct net_device *netdev,
} else {
if (!linkmode_test_bit(ETHTOOL_LINK_MODE_Pause_BIT,
phy->supported) ||
- linkmode_test_bit(ETHTOOL_LINK_MODE_Asym_Pause_BIT,
+ !linkmode_test_bit(ETHTOOL_LINK_MODE_Asym_Pause_BIT,
phy->supported))
return -EOPNOTSUPP;
}
--
2.20.1
From 0ea0923c7301a02933a7c4e12195eeaa7dd620f0 Mon Sep 17 00:00:00 2001
From: Weifeng Voon <weifeng.voon@intel.com>
Date: Tue, 21 May 2019 13:38:38 +0800
Subject: [PATCH 25/33] net: stmmac: dma channel control register need to be
init first
stmmac_init_chan() needs to be called before stmmac_init_rx_chan() and
stmmac_init_tx_chan(). This is because if PBLx8 is to be used,
"DMA_CH(#i)_Control.PBLx8" needs to be set before programming
"DMA_CH(#i)_TX_Control.TxPBL" and "DMA_CH(#i)_RX_Control.RxPBL".
Fixes: 47f2a9ce527a ("net: stmmac: dma channel init prepared for multiple queues")
Reviewed-by: Zhang, Baoli <baoli.zhang@intel.com>
Signed-off-by: Ong Boon Leong <boon.leong.ong@intel.com>
Signed-off-by: Weifeng Voon <weifeng.voon@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
index f0e0593e54f3..8841c5de8979 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
@@ -2190,6 +2190,10 @@ static int stmmac_init_dma_engine(struct stmmac_priv *priv)
if (priv->plat->axi)
stmmac_axi(priv, priv->ioaddr, priv->plat->axi);
+ /* DMA CSR Channel configuration */
+ for (chan = 0; chan < dma_csr_ch; chan++)
+ stmmac_init_chan(priv, priv->ioaddr, priv->plat->dma_cfg, chan);
+
/* DMA RX Channel Configuration */
for (chan = 0; chan < rx_channels_count; chan++) {
rx_q = &priv->rx_queue[chan];
@@ -2215,10 +2219,6 @@ static int stmmac_init_dma_engine(struct stmmac_priv *priv)
tx_q->tx_tail_addr, chan);
}
- /* DMA CSR Channel configuration */
- for (chan = 0; chan < dma_csr_ch; chan++)
- stmmac_init_chan(priv, priv->ioaddr, priv->plat->dma_cfg, chan);
-
return ret;
}
--
2.20.1
From 3c53a8e24dcdde49a7974a691d738fc3e6266fa1 Mon Sep 17 00:00:00 2001
From: Michael Chan <michael.chan@broadcom.com>
Date: Wed, 22 May 2019 19:12:54 -0400
Subject: [PATCH 26/33] bnxt_en: Fix aggregation buffer leak under OOM
condition.
[ Upstream commit 296d5b54163964b7ae536b8b57dfbd21d4e868e1 ]
For every RX packet, the driver replenishes all buffers used for that
packet and puts them back into the RX ring and RX aggregation ring.
In one code path where the RX packet has one RX buffer and one or more
aggregation buffers, we missed recycling the aggregation buffer(s) if
we are unable to allocate a new SKB buffer. This leads to the
aggregation ring slowly running out of buffers over time. Fix it
by properly recycling the aggregation buffers.
Fixes: c0c050c58d84 ("bnxt_en: New Broadcom ethernet driver.")
Reported-by: Rakesh Hemnani <rhemnani@fb.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index c6ddbc0e084e..d45b2f0e3063 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -1636,6 +1636,8 @@ static int bnxt_rx_pkt(struct bnxt *bp, struct bnxt_cp_ring_info *cpr,
skb = bnxt_copy_skb(bnapi, data_ptr, len, dma_addr);
bnxt_reuse_rx_data(rxr, cons, data);
if (!skb) {
+ if (agg_bufs)
+ bnxt_reuse_rx_agg_bufs(cpr, cp_cons, agg_bufs);
rc = -ENOMEM;
goto next_rx;
}
--
2.20.1
From 0562573e7ed5e16445b7541c6519e5fc3213df69 Mon Sep 17 00:00:00 2001
From: Michael Chan <michael.chan@broadcom.com>
Date: Wed, 22 May 2019 19:12:55 -0400
Subject: [PATCH 27/33] bnxt_en: Fix possible BUG() condition when calling
pci_disable_msix().
[ Upstream commit 1b3f0b75c39f534278a895c117282014e9d0ae1f ]
When making configuration changes, the driver calls bnxt_close_nic()
and then bnxt_open_nic() for the changes to take effect. A parameter
irq_re_init is passed to the call sequence to indicate if IRQ
should be re-initialized. This irq_re_init parameter needs to
be included in the bnxt_reserve_rings() call. bnxt_reserve_rings()
can only call pci_disable_msix() if the irq_re_init parameter is
true, otherwise it may hit BUG() because some IRQs may not have been
freed yet.
Fixes: 41e8d7983752 ("bnxt_en: Modify the ring reservation functions for 57500 series chips.")
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 13 +++++++------
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c | 2 +-
4 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index d45b2f0e3063..0229cb524326 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -7506,22 +7506,23 @@ static void bnxt_clear_int_mode(struct bnxt *bp)
bp->flags &= ~BNXT_FLAG_USING_MSIX;
}
-int bnxt_reserve_rings(struct bnxt *bp)
+int bnxt_reserve_rings(struct bnxt *bp, bool irq_re_init)
{
int tcs = netdev_get_num_tc(bp->dev);
- bool reinit_irq = false;
+ bool irq_cleared = false;
int rc;
if (!bnxt_need_reserve_rings(bp))
return 0;
- if (BNXT_NEW_RM(bp) && (bnxt_get_num_msix(bp) != bp->total_irqs)) {
+ if (irq_re_init && BNXT_NEW_RM(bp) &&
+ bnxt_get_num_msix(bp) != bp->total_irqs) {
bnxt_ulp_irq_stop(bp);
bnxt_clear_int_mode(bp);
- reinit_irq = true;
+ irq_cleared = true;
}
rc = __bnxt_reserve_rings(bp);
- if (reinit_irq) {
+ if (irq_cleared) {
if (!rc)
rc = bnxt_init_int_mode(bp);
bnxt_ulp_irq_restart(bp, rc);
@@ -8420,7 +8421,7 @@ static int __bnxt_open_nic(struct bnxt *bp, bool irq_re_init, bool link_re_init)
return rc;
}
}
- rc = bnxt_reserve_rings(bp);
+ rc = bnxt_reserve_rings(bp, irq_re_init);
if (rc)
return rc;
if ((bp->flags & BNXT_FLAG_RFS) &&
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index 2fb653e0048d..4d8b89334472 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -1776,7 +1776,7 @@ unsigned int bnxt_get_avail_stat_ctxs_for_en(struct bnxt *bp);
unsigned int bnxt_get_max_func_cp_rings(struct bnxt *bp);
unsigned int bnxt_get_avail_cp_rings_for_en(struct bnxt *bp);
int bnxt_get_avail_msix(struct bnxt *bp, int num);
-int bnxt_reserve_rings(struct bnxt *bp);
+int bnxt_reserve_rings(struct bnxt *bp, bool irq_re_init);
void bnxt_tx_disable(struct bnxt *bp);
void bnxt_tx_enable(struct bnxt *bp);
int bnxt_hwrm_set_pause(struct bnxt *);
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
index adabbe94a259..e1460e391952 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
@@ -788,7 +788,7 @@ static int bnxt_set_channels(struct net_device *dev,
*/
}
} else {
- rc = bnxt_reserve_rings(bp);
+ rc = bnxt_reserve_rings(bp, true);
}
return rc;
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c
index ea45a9b8179e..7dd3f445afb6 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c
@@ -150,7 +150,7 @@ static int bnxt_req_msix_vecs(struct bnxt_en_dev *edev, int ulp_id,
bnxt_close_nic(bp, true, false);
rc = bnxt_open_nic(bp, true, false);
} else {
- rc = bnxt_reserve_rings(bp);
+ rc = bnxt_reserve_rings(bp, true);
}
}
if (rc) {
--
2.20.1
From 76740c5a915123bc91639f493f23bceed357eb8b Mon Sep 17 00:00:00 2001
From: Michael Chan <michael.chan@broadcom.com>
Date: Wed, 22 May 2019 19:12:56 -0400
Subject: [PATCH 28/33] bnxt_en: Reduce memory usage when running in kdump
kernel.
[ Upstream commit d629522e1d66561f38e5c8d4f52bb6d254ec0707 ]
Skip RDMA context memory allocations, reduce to 1 ring, and disable
TPA when running in the kdump kernel. Without this patch, the driver
fails to initialize with memory allocation errors when running in a
typical kdump kernel.
Fixes: cf6daed098d1 ("bnxt_en: Increase context memory allocations on 57500 chips for RDMA.")
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 ++--
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 4 +++-
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 0229cb524326..300dbfdd4ae8 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -6338,7 +6338,7 @@ static int bnxt_alloc_ctx_mem(struct bnxt *bp)
if (!ctx || (ctx->flags & BNXT_CTX_FLAG_INITED))
return 0;
- if (bp->flags & BNXT_FLAG_ROCE_CAP) {
+ if ((bp->flags & BNXT_FLAG_ROCE_CAP) && !is_kdump_kernel()) {
pg_lvl = 2;
extra_qps = 65536;
extra_srqs = 8192;
@@ -10279,7 +10279,7 @@ static int bnxt_set_dflt_rings(struct bnxt *bp, bool sh)
if (sh)
bp->flags |= BNXT_FLAG_SHARED_RINGS;
- dflt_rings = netif_get_num_default_rss_queues();
+ dflt_rings = is_kdump_kernel() ? 1 : netif_get_num_default_rss_queues();
/* Reduce default rings on multi-port cards so that total default
* rings do not exceed CPU count.
*/
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index 4d8b89334472..c09b20b08395 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -20,6 +20,7 @@
#include <linux/interrupt.h>
#include <linux/rhashtable.h>
+#include <linux/crash_dump.h>
#include <net/devlink.h>
#include <net/dst_metadata.h>
#include <net/switchdev.h>
@@ -1367,7 +1368,8 @@ struct bnxt {
#define BNXT_CHIP_TYPE_NITRO_A0(bp) ((bp)->flags & BNXT_FLAG_CHIP_NITRO_A0)
#define BNXT_RX_PAGE_MODE(bp) ((bp)->flags & BNXT_FLAG_RX_PAGE_MODE)
#define BNXT_SUPPORTS_TPA(bp) (!BNXT_CHIP_TYPE_NITRO_A0(bp) && \
- !(bp->flags & BNXT_FLAG_CHIP_P5))
+ !(bp->flags & BNXT_FLAG_CHIP_P5) && \
+ !is_kdump_kernel())
/* Chip class phase 5 */
#define BNXT_CHIP_P5(bp) \
--
2.20.1
From 54417ce354f2709d467b230b2a14b5e99117d997 Mon Sep 17 00:00:00 2001
From: Jakub Kicinski <jakub.kicinski@netronome.com>
Date: Tue, 21 May 2019 19:02:00 -0700
Subject: [PATCH 29/33] net/tls: avoid NULL-deref on resync during device
removal
[ Upstream commit 38030d7cb77963ba84cdbe034806e2b81245339f ]
When netdev with active kTLS sockets in unregistered
notifier callback walks the offloaded sockets and
cleans up offload state. RX data may still be processed,
however, and if resync was requested prior to device
removal we would hit a NULL pointer dereference on
ctx->netdev use.
Make sure resync is under the device offload lock
and NULL-check the netdev pointer.
This should be safe, because the pointer is set to
NULL either in the netdev notifier (under said lock)
or when socket is completely dead and no resync can
happen.
The other access to ctx->netdev in tls_validate_xmit_skb()
does not dereference the pointer, it just checks it against
other device pointer, so it should be pretty safe (perhaps
we can add a READ_ONCE/WRITE_ONCE there, if paranoid).
Fixes: 4799ac81e52a ("tls: Add rx inline crypto offload")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/tls/tls_device.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c
index 7d5136ecee78..445d996b7412 100644
--- a/net/tls/tls_device.c
+++ b/net/tls/tls_device.c
@@ -555,8 +555,8 @@ static int tls_device_push_pending_record(struct sock *sk, int flags)
void handle_device_resync(struct sock *sk, u32 seq, u64 rcd_sn)
{
struct tls_context *tls_ctx = tls_get_ctx(sk);
- struct net_device *netdev = tls_ctx->netdev;
struct tls_offload_context_rx *rx_ctx;
+ struct net_device *netdev;
u32 is_req_pending;
s64 resync_req;
u32 req_seq;
@@ -570,10 +570,15 @@ void handle_device_resync(struct sock *sk, u32 seq, u64 rcd_sn)
is_req_pending = resync_req;
if (unlikely(is_req_pending) && req_seq == seq &&
- atomic64_try_cmpxchg(&rx_ctx->resync_req, &resync_req, 0))
- netdev->tlsdev_ops->tls_dev_resync_rx(netdev, sk,
- seq + TLS_HEADER_SIZE - 1,
- rcd_sn);
+ atomic64_try_cmpxchg(&rx_ctx->resync_req, &resync_req, 0)) {
+ seq += TLS_HEADER_SIZE - 1;
+ down_read(&device_offload_lock);
+ netdev = tls_ctx->netdev;
+ if (netdev)
+ netdev->tlsdev_ops->tls_dev_resync_rx(netdev, sk, seq,
+ rcd_sn);
+ up_read(&device_offload_lock);
+ }
}
static int tls_device_reencrypt(struct sock *sk, struct sk_buff *skb)
--
2.20.1
From bf7d7f8c696a8c9cba289b91267fc35972051508 Mon Sep 17 00:00:00 2001
From: Jakub Kicinski <jakub.kicinski@netronome.com>
Date: Tue, 21 May 2019 19:02:01 -0700
Subject: [PATCH 30/33] net/tls: fix state removal with feature flags off
[ Upstream commit 3686637e507b48525fcea6fb91e1988bdbc14530 ]
TLS offload drivers shouldn't (and currently don't) block
the TLS offload feature changes based on whether there are
active offloaded connections or not.
This seems to be a good idea, because we want the admin to
be able to disable the TLS offload at any time, and there
is no clean way of disabling it for active connections
(TX side is quite problematic). So if features are cleared
existing connections will stay offloaded until they close,
and new connections will not attempt offload to a given
device.
However, the offload state removal handling is currently
broken if feature flags get cleared while there are
active TLS offloads.
RX side will completely bail from cleanup, even on normal
remove path, leaving device state dangling, potentially
causing issues when the 5-tuple is reused. It will also
fail to release the netdev reference.
Remove the RX-side warning message, in next release cycle
it should be printed when features are disabled, rather
than when connection dies, but for that we need a more
efficient method of finding connection of a given netdev
(a'la BPF offload code).
Fixes: 4799ac81e52a ("tls: Add rx inline crypto offload")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/tls/tls_device.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c
index 445d996b7412..a7ea83c2c219 100644
--- a/net/tls/tls_device.c
+++ b/net/tls/tls_device.c
@@ -928,12 +928,6 @@ void tls_device_offload_cleanup_rx(struct sock *sk)
if (!netdev)
goto out;
- if (!(netdev->features & NETIF_F_HW_TLS_RX)) {
- pr_err_ratelimited("%s: device is missing NETIF_F_HW_TLS_RX cap\n",
- __func__);
- goto out;
- }
-
netdev->tlsdev_ops->tls_dev_del(netdev, tls_ctx,
TLS_OFFLOAD_CTX_DIR_RX);
--
2.20.1
From a36805d932f99de94e8504e37ba0727c4b6ac065 Mon Sep 17 00:00:00 2001
From: Jakub Kicinski <jakub.kicinski@netronome.com>
Date: Tue, 21 May 2019 19:02:02 -0700
Subject: [PATCH 31/33] net/tls: don't ignore netdev notifications if no TLS
features
[ Upstream commit c3f4a6c39cf269a40d45f813c05fa830318ad875 ]
On device surprise removal path (the notifier) we can't
bail just because the features are disabled. They may
have been enabled during the lifetime of the device.
This bug leads to leaking netdev references and
use-after-frees if there are active connections while
device features are cleared.
Fixes: e8f69799810c ("net/tls: Add generic NIC offload infrastructure")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/tls/tls_device.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c
index a7ea83c2c219..d43ef935cdef 100644
--- a/net/tls/tls_device.c
+++ b/net/tls/tls_device.c
@@ -986,7 +986,8 @@ static int tls_dev_event(struct notifier_block *this, unsigned long event,
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
- if (!(dev->features & (NETIF_F_HW_TLS_RX | NETIF_F_HW_TLS_TX)))
+ if (!dev->tlsdev_ops &&
+ !(dev->features & (NETIF_F_HW_TLS_RX | NETIF_F_HW_TLS_TX)))
return NOTIFY_DONE;
switch (event) {
--
2.20.1
From 5d2b47bb912cb026498f7ee2eeb992564bc9d3d9 Mon Sep 17 00:00:00 2001
From: Vishal Kulkarni <vishal@chelsio.com>
Date: Thu, 23 May 2019 08:07:21 +0530
Subject: [PATCH 32/33] cxgb4: Revert "cxgb4: Remove SGE_HOST_PAGE_SIZE
dependency on page size"
[ Upstream commit ab0610efabb4c4f419a531455708caf1dd29357e ]
This reverts commit 2391b0030e241386d710df10e53e2cfc3c5d4fc1 which has
introduced regression. Now SGE's BAR2 Doorbell/GTS Page Size is
interpreted correctly in the firmware itself by using actual host
page size. Hence previous commit needs to be reverted.
Signed-off-by: Vishal Kulkarni <vishal@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/drivers/net/ethernet/chelsio/cxgb4/t4_hw.c b/drivers/net/ethernet/chelsio/cxgb4/t4_hw.c
index 2b03f6187a24..29d3399c4995 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/t4_hw.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/t4_hw.c
@@ -7139,10 +7139,21 @@ int t4_fixup_host_params(struct adapter *adap, unsigned int page_size,
unsigned int cache_line_size)
{
unsigned int page_shift = fls(page_size) - 1;
+ unsigned int sge_hps = page_shift - 10;
unsigned int stat_len = cache_line_size > 64 ? 128 : 64;
unsigned int fl_align = cache_line_size < 32 ? 32 : cache_line_size;
unsigned int fl_align_log = fls(fl_align) - 1;
+ t4_write_reg(adap, SGE_HOST_PAGE_SIZE_A,
+ HOSTPAGESIZEPF0_V(sge_hps) |
+ HOSTPAGESIZEPF1_V(sge_hps) |
+ HOSTPAGESIZEPF2_V(sge_hps) |
+ HOSTPAGESIZEPF3_V(sge_hps) |
+ HOSTPAGESIZEPF4_V(sge_hps) |
+ HOSTPAGESIZEPF5_V(sge_hps) |
+ HOSTPAGESIZEPF6_V(sge_hps) |
+ HOSTPAGESIZEPF7_V(sge_hps));
+
if (is_t4(adap->params.chip)) {
t4_set_reg_field(adap, SGE_CONTROL_A,
INGPADBOUNDARY_V(INGPADBOUNDARY_M) |
--
2.20.1
From 9c140e4bd4f08b5e1db21fc9f40194fb9505e840 Mon Sep 17 00:00:00 2001
From: Willem de Bruijn <willemb@google.com>
Date: Thu, 30 May 2019 18:01:21 -0400
Subject: [PATCH 33/33] net: correct zerocopy refcnt with udp MSG_MORE
[ Upstream commit 100f6d8e09905c59be45b6316f8f369c0be1b2d8 ]
TCP zerocopy takes a uarg reference for every skb, plus one for the
tcp_sendmsg_locked datapath temporarily, to avoid reaching refcnt zero
as it builds, sends and frees skbs inside its inner loop.
UDP and RAW zerocopy do not send inside the inner loop so do not need
the extra sock_zerocopy_get + sock_zerocopy_put pair. Commit
52900d22288ed ("udp: elide zerocopy operation in hot path") introduced
extra_uref to pass the initial reference taken in sock_zerocopy_alloc
to the first generated skb.
But, sock_zerocopy_realloc takes this extra reference at the start of
every call. With MSG_MORE, no new skb may be generated to attach the
extra_uref to, so refcnt is incorrectly 2 with only one skb.
Do not take the extra ref if uarg && !tcp, which implies MSG_MORE.
Update extra_uref accordingly.
This conditional assignment triggers a false positive may be used
uninitialized warning, so have to initialize extra_uref at define.
Changes v1->v2: fix typo in Fixes SHA1
Fixes: 52900d22288e7 ("udp: elide zerocopy operation in hot path")
Reported-by: syzbot <syzkaller@googlegroups.com>
Diagnosed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/core/skbuff.c | 6 +++++-
net/ipv4/ip_output.c | 4 ++--
net/ipv6/ip6_output.c | 4 ++--
3 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 40796b8bf820..e5bfd42fd083 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -1001,7 +1001,11 @@ struct ubuf_info *sock_zerocopy_realloc(struct sock *sk, size_t size,
uarg->len++;
uarg->bytelen = bytelen;
atomic_set(&sk->sk_zckey, ++next);
- sock_zerocopy_get(uarg);
+
+ /* no extra ref when appending to datagram (MSG_MORE) */
+ if (sk->sk_type == SOCK_STREAM)
+ sock_zerocopy_get(uarg);
+
return uarg;
}
}
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index e8bb2e85c5a4..ac770940adb9 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -883,7 +883,7 @@ static int __ip_append_data(struct sock *sk,
int csummode = CHECKSUM_NONE;
struct rtable *rt = (struct rtable *)cork->dst;
unsigned int wmem_alloc_delta = 0;
- bool paged, extra_uref;
+ bool paged, extra_uref = false;
u32 tskey = 0;
skb = skb_peek_tail(queue);
@@ -923,7 +923,7 @@ static int __ip_append_data(struct sock *sk,
uarg = sock_zerocopy_realloc(sk, length, skb_zcopy(skb));
if (!uarg)
return -ENOBUFS;
- extra_uref = true;
+ extra_uref = !skb; /* only extra ref if !MSG_MORE */
if (rt->dst.dev->features & NETIF_F_SG &&
csummode == CHECKSUM_PARTIAL) {
paged = true;
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index e71227390bec..de16c2e343ef 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -1269,7 +1269,7 @@ static int __ip6_append_data(struct sock *sk,
int csummode = CHECKSUM_NONE;
unsigned int maxnonfragsize, headersize;
unsigned int wmem_alloc_delta = 0;
- bool paged, extra_uref;
+ bool paged, extra_uref = false;
skb = skb_peek_tail(queue);
if (!skb) {
@@ -1338,7 +1338,7 @@ static int __ip6_append_data(struct sock *sk,
uarg = sock_zerocopy_realloc(sk, length, skb_zcopy(skb));
if (!uarg)
return -ENOBUFS;
- extra_uref = true;
+ extra_uref = !skb; /* only extra ref if !MSG_MORE */
if (rt->dst.dev->features & NETIF_F_SG &&
csummode == CHECKSUM_PARTIAL) {
paged = true;
--
2.20.1
[-- Attachment #3: net_51.mbox --]
[-- Type: Application/Octet-Stream, Size: 91502 bytes --]
From 47b6c554d960b3703ebc65cd033792b0eaf0039d Mon Sep 17 00:00:00 2001
From: Jarod Wilson <jarod@redhat.com>
Date: Fri, 24 May 2019 09:49:28 -0400
Subject: [PATCH 01/38] bonding/802.3ad: fix slave link initialization
transition states
[ Upstream commit 334031219a84b9994594015aab85ed7754c80176 ]
Once in a while, with just the right timing, 802.3ad slaves will fail to
properly initialize, winding up in a weird state, with a partner system
mac address of 00:00:00:00:00:00. This started happening after a fix to
properly track link_failure_count tracking, where an 802.3ad slave that
reported itself as link up in the miimon code, but wasn't able to get a
valid speed/duplex, started getting set to BOND_LINK_FAIL instead of
BOND_LINK_DOWN. That was the proper thing to do for the general "my link
went down" case, but has created a link initialization race that can put
the interface in this odd state.
The simple fix is to instead set the slave link to BOND_LINK_DOWN again,
if the link has never been up (last_link_up == 0), so the link state
doesn't bounce from BOND_LINK_DOWN to BOND_LINK_FAIL -- it hasn't failed
in this case, it simply hasn't been up yet, and this prevents the
unnecessary state change from DOWN to FAIL and getting stuck in an init
failure w/o a partner mac.
Fixes: ea53abfab960 ("bonding/802.3ad: fix link_failure_count tracking")
CC: Jay Vosburgh <j.vosburgh@gmail.com>
CC: Veaceslav Falico <vfalico@gmail.com>
CC: Andy Gospodarek <andy@greyhouse.net>
CC: "David S. Miller" <davem@davemloft.net>
CC: netdev@vger.kernel.org
Tested-by: Heesoon Kim <Heesoon.Kim@stratus.com>
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Jay Vosburgh <jay.vosburgh@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/bonding/bond_main.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index ee610721098e..f96efa363d34 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -3122,13 +3122,18 @@ static int bond_slave_netdev_event(unsigned long event,
case NETDEV_CHANGE:
/* For 802.3ad mode only:
* Getting invalid Speed/Duplex values here will put slave
- * in weird state. So mark it as link-fail for the time
- * being and let link-monitoring (miimon) set it right when
- * correct speeds/duplex are available.
+ * in weird state. Mark it as link-fail if the link was
+ * previously up or link-down if it hasn't yet come up, and
+ * let link-monitoring (miimon) set it right when correct
+ * speeds/duplex are available.
*/
if (bond_update_speed_duplex(slave) &&
- BOND_MODE(bond) == BOND_MODE_8023AD)
- slave->link = BOND_LINK_FAIL;
+ BOND_MODE(bond) == BOND_MODE_8023AD) {
+ if (slave->last_link_up)
+ slave->link = BOND_LINK_FAIL;
+ else
+ slave->link = BOND_LINK_DOWN;
+ }
if (BOND_MODE(bond) == BOND_MODE_8023AD)
bond_3ad_adapter_speed_duplex_changed(slave);
--
2.20.1
From 7d197dd47a55efa3037a41ffd46c0af968398b40 Mon Sep 17 00:00:00 2001
From: Raju Rangoju <rajur@chelsio.com>
Date: Thu, 23 May 2019 20:41:44 +0530
Subject: [PATCH 02/38] cxgb4: offload VLAN flows regardless of VLAN ethtype
[ Upstream commit b5730061d1056abf317caea823b94d6e12b5b4f6 ]
VLAN flows never get offloaded unless ivlan_vld is set in filter spec.
It's not compulsory for vlan_ethtype to be set.
So, always enable ivlan_vld bit for offloading VLAN flows regardless of
vlan_ethtype is set or not.
Fixes: ad9af3e09c (cxgb4: add tc flower match support for vlan)
Signed-off-by: Raju Rangoju <rajur@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_flower.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_flower.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_flower.c
index 82a8d1970060..35462bccd91a 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_flower.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_flower.c
@@ -197,6 +197,9 @@ static void cxgb4_process_flow_match(struct net_device *dev,
fs->val.ivlan = vlan_tci;
fs->mask.ivlan = vlan_tci_mask;
+ fs->val.ivlan_vld = 1;
+ fs->mask.ivlan_vld = 1;
+
/* Chelsio adapters use ivlan_vld bit to match vlan packets
* as 802.1Q. Also, when vlan tag is present in packets,
* ethtype match is used then to match on ethtype of inner
@@ -207,8 +210,6 @@ static void cxgb4_process_flow_match(struct net_device *dev,
* ethtype value with ethtype of inner header.
*/
if (fs->val.ethtype == ETH_P_8021Q) {
- fs->val.ivlan_vld = 1;
- fs->mask.ivlan_vld = 1;
fs->val.ethtype = 0;
fs->mask.ethtype = 0;
}
--
2.20.1
From fd9d4072123e83904c263a03950293c1a6a64e97 Mon Sep 17 00:00:00 2001
From: Maxime Chevallier <maxime.chevallier@bootlin.com>
Date: Thu, 30 May 2019 16:08:40 +0200
Subject: [PATCH 03/38] ethtool: Check for vlan etype or vlan tci when parsing
flow_rule
[ Upstream commit b73484b2fc0d0ba84a13e9d86eb4adcae718163b ]
When parsing an ethtool flow spec to build a flow_rule, the code checks
if both the vlan etype and the vlan tci are specified by the user to add
a FLOW_DISSECTOR_KEY_VLAN match.
However, when the user only specified a vlan etype or a vlan tci, this
check silently ignores these parameters.
For example, the following rule :
ethtool -N eth0 flow-type udp4 vlan 0x0010 action -1 loc 0
will result in no error being issued, but the equivalent rule will be
created and passed to the NIC driver :
ethtool -N eth0 flow-type udp4 action -1 loc 0
In the end, neither the NIC driver using the rule nor the end user have
a way to know that these keys were dropped along the way, or that
incorrect parameters were entered.
This kind of check should be left to either the driver, or the ethtool
flow spec layer.
This commit makes so that ethtool parameters are forwarded as-is to the
NIC driver.
Since none of the users of ethtool_rx_flow_rule_create are using the
VLAN dissector, I don't think this qualifies as a regression.
Fixes: eca4205f9ec3 ("ethtool: add ethtool_rx_flow_spec to flow_rule structure translator")
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Acked-by: Pablo Neira Ayuso <pablo@gnumonks.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/core/ethtool.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/net/core/ethtool.c b/net/core/ethtool.c
index 36ed619faf36..014dcd63b451 100644
--- a/net/core/ethtool.c
+++ b/net/core/ethtool.c
@@ -3008,11 +3008,12 @@ ethtool_rx_flow_rule_create(const struct ethtool_rx_flow_spec_input *input)
const struct ethtool_flow_ext *ext_h_spec = &fs->h_ext;
const struct ethtool_flow_ext *ext_m_spec = &fs->m_ext;
- if (ext_m_spec->vlan_etype &&
- ext_m_spec->vlan_tci) {
+ if (ext_m_spec->vlan_etype) {
match->key.vlan.vlan_tpid = ext_h_spec->vlan_etype;
match->mask.vlan.vlan_tpid = ext_m_spec->vlan_etype;
+ }
+ if (ext_m_spec->vlan_tci) {
match->key.vlan.vlan_id =
ntohs(ext_h_spec->vlan_tci) & 0x0fff;
match->mask.vlan.vlan_id =
@@ -3022,7 +3023,10 @@ ethtool_rx_flow_rule_create(const struct ethtool_rx_flow_spec_input *input)
(ntohs(ext_h_spec->vlan_tci) & 0xe000) >> 13;
match->mask.vlan.vlan_priority =
(ntohs(ext_m_spec->vlan_tci) & 0xe000) >> 13;
+ }
+ if (ext_m_spec->vlan_etype ||
+ ext_m_spec->vlan_tci) {
match->dissector.used_keys |=
BIT(FLOW_DISSECTOR_KEY_VLAN);
match->dissector.offset[FLOW_DISSECTOR_KEY_VLAN] =
--
2.20.1
From 4f0b339fc413b59b5bde0c711cbb12a9f9a23a40 Mon Sep 17 00:00:00 2001
From: Eric Dumazet <edumazet@google.com>
Date: Wed, 27 Mar 2019 12:40:33 -0700
Subject: [PATCH 04/38] inet: switch IP ID generator to siphash
[ Upstream commit df453700e8d81b1bdafdf684365ee2b9431fb702 ]
According to Amit Klein and Benny Pinkas, IP ID generation is too weak
and might be used by attackers.
Even with recent net_hash_mix() fix (netns: provide pure entropy for net_hash_mix())
having 64bit key and Jenkins hash is risky.
It is time to switch to siphash and its 128bit keys.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Amit Klein <aksecurity@gmail.com>
Reported-by: Benny Pinkas <benny@pinkas.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
include/linux/siphash.h | 5 +++++
include/net/netns/ipv4.h | 2 ++
net/ipv4/route.c | 12 +++++++-----
net/ipv6/output_core.c | 30 ++++++++++++++++--------------
4 files changed, 30 insertions(+), 19 deletions(-)
diff --git a/include/linux/siphash.h b/include/linux/siphash.h
index fa7a6b9cedbf..bf21591a9e5e 100644
--- a/include/linux/siphash.h
+++ b/include/linux/siphash.h
@@ -21,6 +21,11 @@ typedef struct {
u64 key[2];
} siphash_key_t;
+static inline bool siphash_key_is_zero(const siphash_key_t *key)
+{
+ return !(key->key[0] | key->key[1]);
+}
+
u64 __siphash_aligned(const void *data, size_t len, const siphash_key_t *key);
#ifndef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
u64 __siphash_unaligned(const void *data, size_t len, const siphash_key_t *key);
diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h
index 104a6669e344..7698460a3dd1 100644
--- a/include/net/netns/ipv4.h
+++ b/include/net/netns/ipv4.h
@@ -9,6 +9,7 @@
#include <linux/uidgid.h>
#include <net/inet_frag.h>
#include <linux/rcupdate.h>
+#include <linux/siphash.h>
struct tcpm_hash_bucket;
struct ctl_table_header;
@@ -217,5 +218,6 @@ struct netns_ipv4 {
unsigned int ipmr_seq; /* protected by rtnl_mutex */
atomic_t rt_genid;
+ siphash_key_t ip_id_key;
};
#endif
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 6fdf1c195d8e..df6afb092936 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -500,15 +500,17 @@ EXPORT_SYMBOL(ip_idents_reserve);
void __ip_select_ident(struct net *net, struct iphdr *iph, int segs)
{
- static u32 ip_idents_hashrnd __read_mostly;
u32 hash, id;
- net_get_random_once(&ip_idents_hashrnd, sizeof(ip_idents_hashrnd));
+ /* Note the following code is not safe, but this is okay. */
+ if (unlikely(siphash_key_is_zero(&net->ipv4.ip_id_key)))
+ get_random_bytes(&net->ipv4.ip_id_key,
+ sizeof(net->ipv4.ip_id_key));
- hash = jhash_3words((__force u32)iph->daddr,
+ hash = siphash_3u32((__force u32)iph->daddr,
(__force u32)iph->saddr,
- iph->protocol ^ net_hash_mix(net),
- ip_idents_hashrnd);
+ iph->protocol,
+ &net->ipv4.ip_id_key);
id = ip_idents_reserve(hash, segs);
iph->id = htons(id);
}
diff --git a/net/ipv6/output_core.c b/net/ipv6/output_core.c
index 4fe7c90962dd..868ae23dbae1 100644
--- a/net/ipv6/output_core.c
+++ b/net/ipv6/output_core.c
@@ -10,15 +10,25 @@
#include <net/secure_seq.h>
#include <linux/netfilter.h>
-static u32 __ipv6_select_ident(struct net *net, u32 hashrnd,
+static u32 __ipv6_select_ident(struct net *net,
const struct in6_addr *dst,
const struct in6_addr *src)
{
+ const struct {
+ struct in6_addr dst;
+ struct in6_addr src;
+ } __aligned(SIPHASH_ALIGNMENT) combined = {
+ .dst = *dst,
+ .src = *src,
+ };
u32 hash, id;
- hash = __ipv6_addr_jhash(dst, hashrnd);
- hash = __ipv6_addr_jhash(src, hash);
- hash ^= net_hash_mix(net);
+ /* Note the following code is not safe, but this is okay. */
+ if (unlikely(siphash_key_is_zero(&net->ipv4.ip_id_key)))
+ get_random_bytes(&net->ipv4.ip_id_key,
+ sizeof(net->ipv4.ip_id_key));
+
+ hash = siphash(&combined, sizeof(combined), &net->ipv4.ip_id_key);
/* Treat id of 0 as unset and if we get 0 back from ip_idents_reserve,
* set the hight order instead thus minimizing possible future
@@ -41,7 +51,6 @@ static u32 __ipv6_select_ident(struct net *net, u32 hashrnd,
*/
__be32 ipv6_proxy_select_ident(struct net *net, struct sk_buff *skb)
{
- static u32 ip6_proxy_idents_hashrnd __read_mostly;
struct in6_addr buf[2];
struct in6_addr *addrs;
u32 id;
@@ -53,11 +62,7 @@ __be32 ipv6_proxy_select_ident(struct net *net, struct sk_buff *skb)
if (!addrs)
return 0;
- net_get_random_once(&ip6_proxy_idents_hashrnd,
- sizeof(ip6_proxy_idents_hashrnd));
-
- id = __ipv6_select_ident(net, ip6_proxy_idents_hashrnd,
- &addrs[1], &addrs[0]);
+ id = __ipv6_select_ident(net, &addrs[1], &addrs[0]);
return htonl(id);
}
EXPORT_SYMBOL_GPL(ipv6_proxy_select_ident);
@@ -66,12 +71,9 @@ __be32 ipv6_select_ident(struct net *net,
const struct in6_addr *daddr,
const struct in6_addr *saddr)
{
- static u32 ip6_idents_hashrnd __read_mostly;
u32 id;
- net_get_random_once(&ip6_idents_hashrnd, sizeof(ip6_idents_hashrnd));
-
- id = __ipv6_select_ident(net, ip6_idents_hashrnd, daddr, saddr);
+ id = __ipv6_select_ident(net, daddr, saddr);
return htonl(id);
}
EXPORT_SYMBOL(ipv6_select_ident);
--
2.20.1
From 566e70a1b2c05d50717d3e58e81e72f93bc1a0c1 Mon Sep 17 00:00:00 2001
From: Eric Dumazet <edumazet@google.com>
Date: Wed, 22 May 2019 16:51:22 -0700
Subject: [PATCH 05/38] ipv4/igmp: fix another memory leak in
igmpv3_del_delrec()
[ Upstream commit 3580d04aa674383c42de7b635d28e52a1e5bc72c ]
syzbot reported memory leaks [1] that I have back tracked to
a missing cleanup from igmpv3_del_delrec() when
(im->sfmode != MCAST_INCLUDE)
Add ip_sf_list_clear_all() and kfree_pmc() helpers to explicitely
handle the cleanups before freeing.
[1]
BUG: memory leak
unreferenced object 0xffff888123e32b00 (size 64):
comm "softirq", pid 0, jiffies 4294942968 (age 8.010s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 e0 00 00 01 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<000000006105011b>] kmemleak_alloc_recursive include/linux/kmemleak.h:55 [inline]
[<000000006105011b>] slab_post_alloc_hook mm/slab.h:439 [inline]
[<000000006105011b>] slab_alloc mm/slab.c:3326 [inline]
[<000000006105011b>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
[<000000004bba8073>] kmalloc include/linux/slab.h:547 [inline]
[<000000004bba8073>] kzalloc include/linux/slab.h:742 [inline]
[<000000004bba8073>] ip_mc_add1_src net/ipv4/igmp.c:1961 [inline]
[<000000004bba8073>] ip_mc_add_src+0x36b/0x400 net/ipv4/igmp.c:2085
[<00000000a46a65a0>] ip_mc_msfilter+0x22d/0x310 net/ipv4/igmp.c:2475
[<000000005956ca89>] do_ip_setsockopt.isra.0+0x1795/0x1930 net/ipv4/ip_sockglue.c:957
[<00000000848e2d2f>] ip_setsockopt+0x3b/0xb0 net/ipv4/ip_sockglue.c:1246
[<00000000b9db185c>] udp_setsockopt+0x4e/0x90 net/ipv4/udp.c:2616
[<000000003028e438>] sock_common_setsockopt+0x38/0x50 net/core/sock.c:3130
[<0000000015b65589>] __sys_setsockopt+0x98/0x120 net/socket.c:2078
[<00000000ac198ef0>] __do_sys_setsockopt net/socket.c:2089 [inline]
[<00000000ac198ef0>] __se_sys_setsockopt net/socket.c:2086 [inline]
[<00000000ac198ef0>] __x64_sys_setsockopt+0x26/0x30 net/socket.c:2086
[<000000000a770437>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
[<00000000d3adb93b>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
Fixes: 9c8bb163ae78 ("igmp, mld: Fix memory leak in igmpv3/mld_del_delrec()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Hangbin Liu <liuhangbin@gmail.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/ipv4/igmp.c | 47 ++++++++++++++++++++++++++++++-----------------
1 file changed, 30 insertions(+), 17 deletions(-)
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index 6c2febc39dca..1a8d36dd49d4 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -633,6 +633,24 @@ static void igmpv3_clear_zeros(struct ip_sf_list **ppsf)
}
}
+static void ip_sf_list_clear_all(struct ip_sf_list *psf)
+{
+ struct ip_sf_list *next;
+
+ while (psf) {
+ next = psf->sf_next;
+ kfree(psf);
+ psf = next;
+ }
+}
+
+static void kfree_pmc(struct ip_mc_list *pmc)
+{
+ ip_sf_list_clear_all(pmc->sources);
+ ip_sf_list_clear_all(pmc->tomb);
+ kfree(pmc);
+}
+
static void igmpv3_send_cr(struct in_device *in_dev)
{
struct ip_mc_list *pmc, *pmc_prev, *pmc_next;
@@ -669,7 +687,7 @@ static void igmpv3_send_cr(struct in_device *in_dev)
else
in_dev->mc_tomb = pmc_next;
in_dev_put(pmc->interface);
- kfree(pmc);
+ kfree_pmc(pmc);
} else
pmc_prev = pmc;
}
@@ -1215,14 +1233,18 @@ static void igmpv3_del_delrec(struct in_device *in_dev, struct ip_mc_list *im)
im->interface = pmc->interface;
if (im->sfmode == MCAST_INCLUDE) {
im->tomb = pmc->tomb;
+ pmc->tomb = NULL;
+
im->sources = pmc->sources;
+ pmc->sources = NULL;
+
for (psf = im->sources; psf; psf = psf->sf_next)
psf->sf_crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv;
} else {
im->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv;
}
in_dev_put(pmc->interface);
- kfree(pmc);
+ kfree_pmc(pmc);
}
spin_unlock_bh(&im->lock);
}
@@ -1243,21 +1265,18 @@ static void igmpv3_clear_delrec(struct in_device *in_dev)
nextpmc = pmc->next;
ip_mc_clear_src(pmc);
in_dev_put(pmc->interface);
- kfree(pmc);
+ kfree_pmc(pmc);
}
/* clear dead sources, too */
rcu_read_lock();
for_each_pmc_rcu(in_dev, pmc) {
- struct ip_sf_list *psf, *psf_next;
+ struct ip_sf_list *psf;
spin_lock_bh(&pmc->lock);
psf = pmc->tomb;
pmc->tomb = NULL;
spin_unlock_bh(&pmc->lock);
- for (; psf; psf = psf_next) {
- psf_next = psf->sf_next;
- kfree(psf);
- }
+ ip_sf_list_clear_all(psf);
}
rcu_read_unlock();
}
@@ -2123,7 +2142,7 @@ static int ip_mc_add_src(struct in_device *in_dev, __be32 *pmca, int sfmode,
static void ip_mc_clear_src(struct ip_mc_list *pmc)
{
- struct ip_sf_list *psf, *nextpsf, *tomb, *sources;
+ struct ip_sf_list *tomb, *sources;
spin_lock_bh(&pmc->lock);
tomb = pmc->tomb;
@@ -2135,14 +2154,8 @@ static void ip_mc_clear_src(struct ip_mc_list *pmc)
pmc->sfcount[MCAST_EXCLUDE] = 1;
spin_unlock_bh(&pmc->lock);
- for (psf = tomb; psf; psf = nextpsf) {
- nextpsf = psf->sf_next;
- kfree(psf);
- }
- for (psf = sources; psf; psf = nextpsf) {
- nextpsf = psf->sf_next;
- kfree(psf);
- }
+ ip_sf_list_clear_all(tomb);
+ ip_sf_list_clear_all(sources);
}
/* Join a multicast group
--
2.20.1
From 2b50768b91f8141ceffa611b90d767ff1c43cc8c Mon Sep 17 00:00:00 2001
From: Eric Dumazet <edumazet@google.com>
Date: Wed, 22 May 2019 18:35:16 -0700
Subject: [PATCH 06/38] ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST
[ Upstream commit 903869bd10e6719b9df6718e785be7ec725df59f ]
ip_sf_list_clear_all() needs to be defined even if !CONFIG_IP_MULTICAST
Fixes: 3580d04aa674 ("ipv4/igmp: fix another memory leak in igmpv3_del_delrec()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/ipv4/igmp.c | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index 1a8d36dd49d4..eb03153dfe12 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -188,6 +188,17 @@ static void ip_ma_put(struct ip_mc_list *im)
pmc != NULL; \
pmc = rtnl_dereference(pmc->next_rcu))
+static void ip_sf_list_clear_all(struct ip_sf_list *psf)
+{
+ struct ip_sf_list *next;
+
+ while (psf) {
+ next = psf->sf_next;
+ kfree(psf);
+ psf = next;
+ }
+}
+
#ifdef CONFIG_IP_MULTICAST
/*
@@ -633,17 +644,6 @@ static void igmpv3_clear_zeros(struct ip_sf_list **ppsf)
}
}
-static void ip_sf_list_clear_all(struct ip_sf_list *psf)
-{
- struct ip_sf_list *next;
-
- while (psf) {
- next = psf->sf_next;
- kfree(psf);
- psf = next;
- }
-}
-
static void kfree_pmc(struct ip_mc_list *pmc)
{
ip_sf_list_clear_all(pmc->sources);
--
2.20.1
From 4175cd4eae5a7de23da8c56d915c049316e5b805 Mon Sep 17 00:00:00 2001
From: Mike Manning <mmanning@vyatta.att-mail.com>
Date: Mon, 20 May 2019 19:57:17 +0100
Subject: [PATCH 07/38] ipv6: Consider sk_bound_dev_if when binding a raw
socket to an address
[ Upstream commit 72f7cfab6f93a8ea825fab8ccfb016d064269f7f ]
IPv6 does not consider if the socket is bound to a device when binding
to an address. The result is that a socket can be bound to eth0 and
then bound to the address of eth1. If the device is a VRF, the result
is that a socket can only be bound to an address in the default VRF.
Resolve by considering the device if sk_bound_dev_if is set.
Signed-off-by: Mike Manning <mmanning@vyatta.att-mail.com>
Reviewed-by: David Ahern <dsahern@gmail.com>
Tested-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/ipv6/raw.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index 5a426226c762..5cb14eabfc65 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -287,7 +287,9 @@ static int rawv6_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len)
/* Binding to link-local address requires an interface */
if (!sk->sk_bound_dev_if)
goto out_unlock;
+ }
+ if (sk->sk_bound_dev_if) {
err = -ENODEV;
dev = dev_get_by_index_rcu(sock_net(sk),
sk->sk_bound_dev_if);
--
2.20.1
From 3f3433b3b4e186d8b1d8ec261485012d27a28db7 Mon Sep 17 00:00:00 2001
From: David Ahern <dsahern@gmail.com>
Date: Wed, 22 May 2019 15:12:18 -0700
Subject: [PATCH 08/38] ipv6: Fix redirect with VRF
[ Upstream commit 31680ac265802397937d75461a2809a067b9fb93 ]
IPv6 redirect is broken for VRF. __ip6_route_redirect walks the FIB
entries looking for an exact match on ifindex. With VRF the flowi6_oif
is updated by l3mdev_update_flow to the l3mdev index and the
FLOWI_FLAG_SKIP_NH_OIF set in the flags to tell the lookup to skip the
device match. For redirects the device match is requires so use that
flag to know when the oif needs to be reset to the skb device index.
Fixes: ca254490c8df ("net: Add VRF support to IPv6 stack")
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/ipv6/route.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index e470589fb93b..ab348489bd8a 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -2442,6 +2442,12 @@ static struct rt6_info *__ip6_route_redirect(struct net *net,
struct fib6_info *rt;
struct fib6_node *fn;
+ /* l3mdev_update_flow overrides oif if the device is enslaved; in
+ * this case we must match on the real ingress device, so reset it
+ */
+ if (fl6->flowi6_flags & FLOWI_FLAG_SKIP_NH_OIF)
+ fl6->flowi6_oif = skb->dev->ifindex;
+
/* Get the "current" route for this destination and
* check if the redirect has come from appropriate router.
*
--
2.20.1
From 6d5d5472268a609cde0d399cf39cfce2193841c3 Mon Sep 17 00:00:00 2001
From: Eric Dumazet <edumazet@google.com>
Date: Mon, 27 May 2019 17:35:52 -0700
Subject: [PATCH 09/38] llc: fix skb leak in llc_build_and_send_ui_pkt()
[ Upstream commit 8fb44d60d4142cd2a440620cd291d346e23c131e ]
If llc_mac_hdr_init() returns an error, we must drop the skb
since no llc_build_and_send_ui_pkt() caller will take care of this.
BUG: memory leak
unreferenced object 0xffff8881202b6800 (size 2048):
comm "syz-executor907", pid 7074, jiffies 4294943781 (age 8.590s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1a 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00 ...@............
backtrace:
[<00000000e25b5abe>] kmemleak_alloc_recursive include/linux/kmemleak.h:55 [inline]
[<00000000e25b5abe>] slab_post_alloc_hook mm/slab.h:439 [inline]
[<00000000e25b5abe>] slab_alloc mm/slab.c:3326 [inline]
[<00000000e25b5abe>] __do_kmalloc mm/slab.c:3658 [inline]
[<00000000e25b5abe>] __kmalloc+0x161/0x2c0 mm/slab.c:3669
[<00000000a1ae188a>] kmalloc include/linux/slab.h:552 [inline]
[<00000000a1ae188a>] sk_prot_alloc+0xd6/0x170 net/core/sock.c:1608
[<00000000ded25bbe>] sk_alloc+0x35/0x2f0 net/core/sock.c:1662
[<000000002ecae075>] llc_sk_alloc+0x35/0x170 net/llc/llc_conn.c:950
[<00000000551f7c47>] llc_ui_create+0x7b/0x140 net/llc/af_llc.c:173
[<0000000029027f0e>] __sock_create+0x164/0x250 net/socket.c:1430
[<000000008bdec225>] sock_create net/socket.c:1481 [inline]
[<000000008bdec225>] __sys_socket+0x69/0x110 net/socket.c:1523
[<00000000b6439228>] __do_sys_socket net/socket.c:1532 [inline]
[<00000000b6439228>] __se_sys_socket net/socket.c:1530 [inline]
[<00000000b6439228>] __x64_sys_socket+0x1e/0x30 net/socket.c:1530
[<00000000cec820c1>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
[<000000000c32554f>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
BUG: memory leak
unreferenced object 0xffff88811d750d00 (size 224):
comm "syz-executor907", pid 7074, jiffies 4294943781 (age 8.600s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 f0 0c 24 81 88 ff ff 00 68 2b 20 81 88 ff ff ...$.....h+ ....
backtrace:
[<0000000053026172>] kmemleak_alloc_recursive include/linux/kmemleak.h:55 [inline]
[<0000000053026172>] slab_post_alloc_hook mm/slab.h:439 [inline]
[<0000000053026172>] slab_alloc_node mm/slab.c:3269 [inline]
[<0000000053026172>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
[<00000000fa8f3c30>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:198
[<00000000d96fdafb>] alloc_skb include/linux/skbuff.h:1058 [inline]
[<00000000d96fdafb>] alloc_skb_with_frags+0x5f/0x250 net/core/skbuff.c:5327
[<000000000a34a2e7>] sock_alloc_send_pskb+0x269/0x2a0 net/core/sock.c:2225
[<00000000ee39999b>] sock_alloc_send_skb+0x32/0x40 net/core/sock.c:2242
[<00000000e034d810>] llc_ui_sendmsg+0x10a/0x540 net/llc/af_llc.c:933
[<00000000c0bc8445>] sock_sendmsg_nosec net/socket.c:652 [inline]
[<00000000c0bc8445>] sock_sendmsg+0x54/0x70 net/socket.c:671
[<000000003b687167>] __sys_sendto+0x148/0x1f0 net/socket.c:1964
[<00000000922d78d9>] __do_sys_sendto net/socket.c:1976 [inline]
[<00000000922d78d9>] __se_sys_sendto net/socket.c:1972 [inline]
[<00000000922d78d9>] __x64_sys_sendto+0x2a/0x30 net/socket.c:1972
[<00000000cec820c1>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
[<000000000c32554f>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/llc/llc_output.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/llc/llc_output.c b/net/llc/llc_output.c
index 94425e421213..9e4b6bcf6920 100644
--- a/net/llc/llc_output.c
+++ b/net/llc/llc_output.c
@@ -72,6 +72,8 @@ int llc_build_and_send_ui_pkt(struct llc_sap *sap, struct sk_buff *skb,
rc = llc_mac_hdr_init(skb, skb->dev->dev_addr, dmac);
if (likely(!rc))
rc = dev_queue_xmit(skb);
+ else
+ kfree_skb(skb);
return rc;
}
--
2.20.1
From 22d0b646ee9a2cf1860c844d42dde6f7cd668e54 Mon Sep 17 00:00:00 2001
From: Jiri Pirko <jiri@mellanox.com>
Date: Wed, 29 May 2019 10:59:44 +0300
Subject: [PATCH 10/38] mlxsw: spectrum_acl: Avoid warning after identical
rules insertion
[ Upstream commit ef74422020aa8c224b00a927e3e47faac4d8fae3 ]
When identical rules are inserted, the latter one goes to C-TCAM. For
that, a second eRP with the same mask is created. These 2 eRPs by the
nature cannot be merged and also one cannot be parent of another.
Teach mlxsw_sp_acl_erp_delta_fill() about this possibility and handle it
gracefully.
Reported-by: Alex Kushnarov <alexanderk@mellanox.com>
Fixes: c22291f7cf45 ("mlxsw: spectrum: acl: Implement delta for ERP")
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
.../net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c
index c1a9cc9a3292..4c98950380d5 100644
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c
@@ -1171,13 +1171,12 @@ mlxsw_sp_acl_erp_delta_fill(const struct mlxsw_sp_acl_erp_key *parent_key,
return -EINVAL;
}
if (si == -1) {
- /* The masks are the same, this cannot happen.
- * That means the caller is broken.
+ /* The masks are the same, this can happen in case eRPs with
+ * the same mask were created in both A-TCAM and C-TCAM.
+ * The only possible condition under which this can happen
+ * is identical rule insertion. Delta is not possible here.
*/
- WARN_ON(1);
- *delta_start = 0;
- *delta_mask = 0;
- return 0;
+ return -EINVAL;
}
pmask = (unsigned char) parent_key->mask[__MASK_IDX(si)];
mask = (unsigned char) key->mask[__MASK_IDX(si)];
--
2.20.1
From d34ba53a6562ed79d84f3b7b4cd7e88d2b4e7248 Mon Sep 17 00:00:00 2001
From: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Date: Wed, 29 May 2019 07:02:11 +0000
Subject: [PATCH 11/38] net: dsa: mv88e6xxx: fix handling of upper half of
STATS_TYPE_PORT
[ Upstream commit 84b3fd1fc9592d431e23b077e692fa4e3fd0f086 ]
Currently, the upper half of a 4-byte STATS_TYPE_PORT statistic ends
up in bits 47:32 of the return value, instead of bits 31:16 as they
should.
Fixes: 6e46e2d821bb ("net: dsa: mv88e6xxx: Fix u64 statistics")
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Vivien Didelot <vivien.didelot@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/dsa/mv88e6xxx/chip.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c
index f4e2db44ad91..720f1dde2c2d 100644
--- a/drivers/net/dsa/mv88e6xxx/chip.c
+++ b/drivers/net/dsa/mv88e6xxx/chip.c
@@ -910,7 +910,7 @@ static uint64_t _mv88e6xxx_get_ethtool_stat(struct mv88e6xxx_chip *chip,
err = mv88e6xxx_port_read(chip, port, s->reg + 1, ®);
if (err)
return U64_MAX;
- high = reg;
+ low |= ((u32)reg) << 16;
}
break;
case STATS_TYPE_BANK1:
--
2.20.1
From 446fe83f2fbd59fc487b5acdb6a6588b305aef2d Mon Sep 17 00:00:00 2001
From: Andy Duan <fugang.duan@nxp.com>
Date: Thu, 23 May 2019 01:55:28 +0000
Subject: [PATCH 12/38] net: fec: fix the clk mismatch in failed_reset path
[ Upstream commit ce8d24f9a5965a58c588f9342689702a1024433c ]
Fix the clk mismatch in the error path "failed_reset" because
below error path will disable clk_ahb and clk_ipg directly, it
should use pm_runtime_put_noidle() instead of pm_runtime_put()
to avoid to call runtime resume callback.
Reported-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Fugang Duan <fugang.duan@nxp.com>
Tested-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/ethernet/freescale/fec_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/freescale/fec_main.c b/drivers/net/ethernet/freescale/fec_main.c
index a96ad20ee484..878ccce1dfcd 100644
--- a/drivers/net/ethernet/freescale/fec_main.c
+++ b/drivers/net/ethernet/freescale/fec_main.c
@@ -3556,7 +3556,7 @@ fec_probe(struct platform_device *pdev)
if (fep->reg_phy)
regulator_disable(fep->reg_phy);
failed_reset:
- pm_runtime_put(&pdev->dev);
+ pm_runtime_put_noidle(&pdev->dev);
pm_runtime_disable(&pdev->dev);
failed_regulator:
clk_disable_unprepare(fep->clk_ahb);
--
2.20.1
From 6ca39eeb7cdff3cd130be36db9b9a3cb06da9ad8 Mon Sep 17 00:00:00 2001
From: Eric Dumazet <edumazet@google.com>
Date: Wed, 29 May 2019 15:36:10 -0700
Subject: [PATCH 13/38] net-gro: fix use-after-free read in napi_gro_frags()
[ Upstream commit a4270d6795b0580287453ea55974d948393e66ef ]
If a network driver provides to napi_gro_frags() an
skb with a page fragment of exactly 14 bytes, the call
to gro_pull_from_frag0() will 'consume' the fragment
by calling skb_frag_unref(skb, 0), and the page might
be freed and reused.
Reading eth->h_proto at the end of napi_frags_skb() might
read mangled data, or crash under specific debugging features.
BUG: KASAN: use-after-free in napi_frags_skb net/core/dev.c:5833 [inline]
BUG: KASAN: use-after-free in napi_gro_frags+0xc6f/0xd10 net/core/dev.c:5841
Read of size 2 at addr ffff88809366840c by task syz-executor599/8957
CPU: 1 PID: 8957 Comm: syz-executor599 Not tainted 5.2.0-rc1+ #32
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x172/0x1f0 lib/dump_stack.c:113
print_address_description.cold+0x7c/0x20d mm/kasan/report.c:188
__kasan_report.cold+0x1b/0x40 mm/kasan/report.c:317
kasan_report+0x12/0x20 mm/kasan/common.c:614
__asan_report_load_n_noabort+0xf/0x20 mm/kasan/generic_report.c:142
napi_frags_skb net/core/dev.c:5833 [inline]
napi_gro_frags+0xc6f/0xd10 net/core/dev.c:5841
tun_get_user+0x2f3c/0x3ff0 drivers/net/tun.c:1991
tun_chr_write_iter+0xbd/0x156 drivers/net/tun.c:2037
call_write_iter include/linux/fs.h:1872 [inline]
do_iter_readv_writev+0x5f8/0x8f0 fs/read_write.c:693
do_iter_write fs/read_write.c:970 [inline]
do_iter_write+0x184/0x610 fs/read_write.c:951
vfs_writev+0x1b3/0x2f0 fs/read_write.c:1015
do_writev+0x15b/0x330 fs/read_write.c:1058
Fixes: a50e233c50db ("net-gro: restore frag0 optimization")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/core/dev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/core/dev.c b/net/core/dev.c
index 255f99cb7c48..c6b2f6db0a9b 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -5804,7 +5804,6 @@ static struct sk_buff *napi_frags_skb(struct napi_struct *napi)
skb_reset_mac_header(skb);
skb_gro_reset_offset(skb);
- eth = skb_gro_header_fast(skb, 0);
if (unlikely(skb_gro_header_hard(skb, hlen))) {
eth = skb_gro_header_slow(skb, hlen, 0);
if (unlikely(!eth)) {
@@ -5814,6 +5813,7 @@ static struct sk_buff *napi_frags_skb(struct napi_struct *napi)
return NULL;
}
} else {
+ eth = (const struct ethhdr *)skb->data;
gro_pull_from_frag0(skb, hlen);
NAPI_GRO_CB(skb)->frag0 += hlen;
NAPI_GRO_CB(skb)->frag0_len -= hlen;
--
2.20.1
From 08aef1678d8405078133bed4176d53ffd2e5dae4 Mon Sep 17 00:00:00 2001
From: Jisheng Zhang <Jisheng.Zhang@synaptics.com>
Date: Mon, 27 May 2019 11:04:17 +0000
Subject: [PATCH 14/38] net: mvneta: Fix err code path of probe
[ Upstream commit d484e06e25ebb937d841dac02ac1fe76ec7d4ddd ]
Fix below issues in err code path of probe:
1. we don't need to unregister_netdev() because the netdev isn't
registered.
2. when register_netdev() fails, we also need to destroy bm pool for
HWBM case.
Fixes: dc35a10f68d3 ("net: mvneta: bm: add support for hardware buffer management")
Signed-off-by: Jisheng Zhang <Jisheng.Zhang@synaptics.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/ethernet/marvell/mvneta.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/marvell/mvneta.c b/drivers/net/ethernet/marvell/mvneta.c
index c0a3718b2e2a..c7f4b72b3c07 100644
--- a/drivers/net/ethernet/marvell/mvneta.c
+++ b/drivers/net/ethernet/marvell/mvneta.c
@@ -4674,7 +4674,7 @@ static int mvneta_probe(struct platform_device *pdev)
err = register_netdev(dev);
if (err < 0) {
dev_err(&pdev->dev, "failed to register\n");
- goto err_free_stats;
+ goto err_netdev;
}
netdev_info(dev, "Using %s mac address %pM\n", mac_from,
@@ -4685,14 +4685,12 @@ static int mvneta_probe(struct platform_device *pdev)
return 0;
err_netdev:
- unregister_netdev(dev);
if (pp->bm_priv) {
mvneta_bm_pool_destroy(pp->bm_priv, pp->pool_long, 1 << pp->id);
mvneta_bm_pool_destroy(pp->bm_priv, pp->pool_short,
1 << pp->id);
mvneta_bm_put(pp->bm_priv);
}
-err_free_stats:
free_percpu(pp->stats);
err_free_ports:
free_percpu(pp->ports);
--
2.20.1
From 8d2c1b21f2c15dd3f695d77ba7f4097a951fbcd6 Mon Sep 17 00:00:00 2001
From: Antoine Tenart <antoine.tenart@bootlin.com>
Date: Wed, 29 May 2019 15:59:48 +0200
Subject: [PATCH 15/38] net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG
queue value
[ Upstream commit 21808437214637952b61beaba6034d97880fbeb3 ]
MVPP2_TXQ_SCHED_TOKEN_CNTR_REG() expects the logical queue id but
the current code is passing the global tx queue offset, so it ends
up writing to unknown registers (between 0x8280 and 0x82fc, which
seemed to be unused by the hardware). This fixes the issue by using
the logical queue id instead.
Fixes: 3f518509dedc ("ethernet: Add new driver for Marvell Armada 375 network unit")
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c b/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c
index 25fbed2b8d94..f4f076d7090e 100644
--- a/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c
+++ b/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c
@@ -1455,7 +1455,7 @@ static inline void mvpp2_xlg_max_rx_size_set(struct mvpp2_port *port)
/* Set defaults to the MVPP2 port */
static void mvpp2_defaults_set(struct mvpp2_port *port)
{
- int tx_port_num, val, queue, ptxq, lrxq;
+ int tx_port_num, val, queue, lrxq;
if (port->priv->hw_version == MVPP21) {
/* Update TX FIFO MIN Threshold */
@@ -1476,11 +1476,9 @@ static void mvpp2_defaults_set(struct mvpp2_port *port)
mvpp2_write(port->priv, MVPP2_TXP_SCHED_FIXED_PRIO_REG, 0);
/* Close bandwidth for all queues */
- for (queue = 0; queue < MVPP2_MAX_TXQ; queue++) {
- ptxq = mvpp2_txq_phys(port->id, queue);
+ for (queue = 0; queue < MVPP2_MAX_TXQ; queue++)
mvpp2_write(port->priv,
- MVPP2_TXQ_SCHED_TOKEN_CNTR_REG(ptxq), 0);
- }
+ MVPP2_TXQ_SCHED_TOKEN_CNTR_REG(queue), 0);
/* Set refill period to 1 usec, refill tokens
* and bucket size to maximum
@@ -2336,7 +2334,7 @@ static void mvpp2_txq_deinit(struct mvpp2_port *port,
txq->descs_dma = 0;
/* Set minimum bandwidth for disabled TXQs */
- mvpp2_write(port->priv, MVPP2_TXQ_SCHED_TOKEN_CNTR_REG(txq->id), 0);
+ mvpp2_write(port->priv, MVPP2_TXQ_SCHED_TOKEN_CNTR_REG(txq->log_id), 0);
/* Set Tx descriptors queue starting address and size */
thread = mvpp2_cpu_to_thread(port->priv, get_cpu());
--
2.20.1
From c4d4b07c2dd7319873d964479ba82a05237e988e Mon Sep 17 00:00:00 2001
From: Russell King <rmk+kernel@armlinux.org.uk>
Date: Tue, 28 May 2019 10:34:42 +0100
Subject: [PATCH 16/38] net: phy: marvell10g: report if the PHY fails to boot
firmware
[ Upstream commit 3d3ced2ec5d71b99d72ae6910fbdf890bc2eccf0 ]
Some boards do not have the PHY firmware programmed in the 3310's flash,
which leads to the PHY not working as expected. Warn the user when the
PHY fails to boot the firmware and refuse to initialise.
Fixes: 20b2af32ff3f ("net: phy: add Marvell Alaska X 88X3310 10Gigabit PHY support")
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Tested-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/phy/marvell10g.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/drivers/net/phy/marvell10g.c b/drivers/net/phy/marvell10g.c
index 100b401b1f4a..754cde873dde 100644
--- a/drivers/net/phy/marvell10g.c
+++ b/drivers/net/phy/marvell10g.c
@@ -31,6 +31,9 @@
#define MV_PHY_ALASKA_NBT_QUIRK_REV (MARVELL_PHY_ID_88X3310 | 0xa)
enum {
+ MV_PMA_BOOT = 0xc050,
+ MV_PMA_BOOT_FATAL = BIT(0),
+
MV_PCS_BASE_T = 0x0000,
MV_PCS_BASE_R = 0x1000,
MV_PCS_1000BASEX = 0x2000,
@@ -211,6 +214,16 @@ static int mv3310_probe(struct phy_device *phydev)
(phydev->c45_ids.devices_in_package & mmd_mask) != mmd_mask)
return -ENODEV;
+ ret = phy_read_mmd(phydev, MDIO_MMD_PMAPMD, MV_PMA_BOOT);
+ if (ret < 0)
+ return ret;
+
+ if (ret & MV_PMA_BOOT_FATAL) {
+ dev_warn(&phydev->mdio.dev,
+ "PHY failed to boot firmware, status=%04x\n", ret);
+ return -ENODEV;
+ }
+
priv = devm_kzalloc(&phydev->mdio.dev, sizeof(*priv), GFP_KERNEL);
if (!priv)
return -ENOMEM;
--
2.20.1
From 676d1074d07b0d033f88c684b73c2ac75e92e0e4 Mon Sep 17 00:00:00 2001
From: Vlad Buslov <vladbu@mellanox.com>
Date: Thu, 23 May 2019 09:32:31 +0300
Subject: [PATCH 17/38] net: sched: don't use tc_action->order during action
dump
[ Upstream commit 4097e9d250fb17958c1d9b94538386edd3f20144 ]
Function tcf_action_dump() relies on tc_action->order field when starting
nested nla to send action data to userspace. This approach breaks in
several cases:
- When multiple filters point to same shared action, tc_action->order field
is overwritten each time it is attached to filter. This causes filter
dump to output action with incorrect attribute for all filters that have
the action in different position (different order) from the last set
tc_action->order value.
- When action data is displayed using tc action API (RTM_GETACTION), action
order is overwritten by tca_action_gd() according to its position in
resulting array of nl attributes, which will break filter dump for all
filters attached to that shared action that expect it to have different
order value.
Don't rely on tc_action->order when dumping actions. Set nla according to
action position in resulting array of actions instead.
Signed-off-by: Vlad Buslov <vladbu@mellanox.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/sched/act_api.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/net/sched/act_api.c b/net/sched/act_api.c
index 5a87e271d35a..5b56b1cb2417 100644
--- a/net/sched/act_api.c
+++ b/net/sched/act_api.c
@@ -800,7 +800,7 @@ int tcf_action_dump(struct sk_buff *skb, struct tc_action *actions[],
for (i = 0; i < TCA_ACT_MAX_PRIO && actions[i]; i++) {
a = actions[i];
- nest = nla_nest_start(skb, a->order);
+ nest = nla_nest_start(skb, i + 1);
if (nest == NULL)
goto nla_put_failure;
err = tcf_action_dump_1(skb, a, bind, ref);
@@ -1300,7 +1300,6 @@ tca_action_gd(struct net *net, struct nlattr *nla, struct nlmsghdr *n,
ret = PTR_ERR(act);
goto err;
}
- act->order = i;
attr_size += tcf_action_fill_size(act);
actions[i - 1] = act;
}
--
2.20.1
From 2635bfe75a6b05cb4238e5be03733eab5a9d8241 Mon Sep 17 00:00:00 2001
From: Jisheng Zhang <Jisheng.Zhang@synaptics.com>
Date: Wed, 22 May 2019 10:05:09 +0000
Subject: [PATCH 18/38] net: stmmac: fix reset gpio free missing
[ Upstream commit 49ce881c0d4c4a7a35358d9dccd5f26d0e56fc61 ]
Commit 984203ceff27 ("net: stmmac: mdio: remove reset gpio free")
removed the reset gpio free, when the driver is unbinded or rmmod,
we miss the gpio free.
This patch uses managed API to request the reset gpio, so that the
gpio could be freed properly.
Fixes: 984203ceff27 ("net: stmmac: mdio: remove reset gpio free")
Signed-off-by: Jisheng Zhang <Jisheng.Zhang@synaptics.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c
index bdd351597b55..093a223fe408 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c
@@ -267,7 +267,8 @@ int stmmac_mdio_reset(struct mii_bus *bus)
of_property_read_u32_array(np,
"snps,reset-delays-us", data->delays, 3);
- if (gpio_request(data->reset_gpio, "mdio-reset"))
+ if (devm_gpio_request(priv->device, data->reset_gpio,
+ "mdio-reset"))
return 0;
}
--
2.20.1
From 488a0ee6cd7215c89caa2c11bc8d9b3501bfb6f9 Mon Sep 17 00:00:00 2001
From: Heiner Kallweit <hkallweit1@gmail.com>
Date: Wed, 29 May 2019 07:44:01 +0200
Subject: [PATCH 19/38] r8169: fix MAC address being lost in PCI D3
[ Upstream commit 59715171fbd0172a579576f46821031800a63bc5 ]
(At least) RTL8168e forgets its MAC address in PCI D3. To fix this set
the MAC address when resuming. For resuming from runtime-suspend we
had this in place already, for resuming from S3/S5 it was missing.
The commit referenced as being fixed isn't wrong, it's just the first
one where the patch applies cleanly.
Fixes: 0f07bd850d36 ("r8169: use dev_get_drvdata where possible")
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Reported-by: Albert Astals Cid <aacid@kde.org>
Tested-by: Albert Astals Cid <aacid@kde.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/ethernet/realtek/r8169.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c
index ed651dde6ef9..6d176be51a6b 100644
--- a/drivers/net/ethernet/realtek/r8169.c
+++ b/drivers/net/ethernet/realtek/r8169.c
@@ -6914,6 +6914,8 @@ static int rtl8169_resume(struct device *device)
struct net_device *dev = dev_get_drvdata(device);
struct rtl8169_private *tp = netdev_priv(dev);
+ rtl_rar_set(tp, dev->dev_addr);
+
clk_prepare_enable(tp->clk);
if (netif_running(dev))
@@ -6947,6 +6949,7 @@ static int rtl8169_runtime_resume(struct device *device)
{
struct net_device *dev = dev_get_drvdata(device);
struct rtl8169_private *tp = netdev_priv(dev);
+
rtl_rar_set(tp, dev->dev_addr);
if (!tp->TxDescArray)
--
2.20.1
From 0dd0f90b8f9303d8e647394ee6816f488028e3b9 Mon Sep 17 00:00:00 2001
From: Kloetzke Jan <Jan.Kloetzke@preh.de>
Date: Tue, 21 May 2019 13:18:40 +0000
Subject: [PATCH 20/38] usbnet: fix kernel crash after disconnect
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
[ Upstream commit ad70411a978d1e6e97b1e341a7bde9a79af0c93d ]
When disconnecting cdc_ncm the kernel sporadically crashes shortly
after the disconnect:
[ 57.868812] Unable to handle kernel NULL pointer dereference at virtual address 00000000
...
[ 58.006653] PC is at 0x0
[ 58.009202] LR is at call_timer_fn+0xec/0x1b4
[ 58.013567] pc : [<0000000000000000>] lr : [<ffffff80080f5130>] pstate: 00000145
[ 58.020976] sp : ffffff8008003da0
[ 58.024295] x29: ffffff8008003da0 x28: 0000000000000001
[ 58.029618] x27: 000000000000000a x26: 0000000000000100
[ 58.034941] x25: 0000000000000000 x24: ffffff8008003e68
[ 58.040263] x23: 0000000000000000 x22: 0000000000000000
[ 58.045587] x21: 0000000000000000 x20: ffffffc68fac1808
[ 58.050910] x19: 0000000000000100 x18: 0000000000000000
[ 58.056232] x17: 0000007f885aff8c x16: 0000007f883a9f10
[ 58.061556] x15: 0000000000000001 x14: 000000000000006e
[ 58.066878] x13: 0000000000000000 x12: 00000000000000ba
[ 58.072201] x11: ffffffc69ff1db30 x10: 0000000000000020
[ 58.077524] x9 : 8000100008001000 x8 : 0000000000000001
[ 58.082847] x7 : 0000000000000800 x6 : ffffff8008003e70
[ 58.088169] x5 : ffffffc69ff17a28 x4 : 00000000ffff138b
[ 58.093492] x3 : 0000000000000000 x2 : 0000000000000000
[ 58.098814] x1 : 0000000000000000 x0 : 0000000000000000
...
[ 58.205800] [< (null)>] (null)
[ 58.210521] [<ffffff80080f5298>] expire_timers+0xa0/0x14c
[ 58.215937] [<ffffff80080f542c>] run_timer_softirq+0xe8/0x128
[ 58.221702] [<ffffff8008081120>] __do_softirq+0x298/0x348
[ 58.227118] [<ffffff80080a6304>] irq_exit+0x74/0xbc
[ 58.232009] [<ffffff80080e17dc>] __handle_domain_irq+0x78/0xac
[ 58.237857] [<ffffff8008080cf4>] gic_handle_irq+0x80/0xac
...
The crash happens roughly 125..130ms after the disconnect. This
correlates with the 'delay' timer that is started on certain USB tx/rx
errors in the URB completion handler.
The problem is a race of usbnet_stop() with usbnet_start_xmit(). In
usbnet_stop() we call usbnet_terminate_urbs() to cancel all URBs in
flight. This only makes sense if no new URBs are submitted
concurrently, though. But the usbnet_start_xmit() can run at the same
time on another CPU which almost unconditionally submits an URB. The
error callback of the new URB will then schedule the timer after it was
already stopped.
The fix adds a check if the tx queue is stopped after the tx list lock
has been taken. This should reliably prevent the submission of new URBs
while usbnet_terminate_urbs() does its job. The same thing is done on
the rx side even though it might be safe due to other flags that are
checked there.
Signed-off-by: Jan Klötzke <Jan.Kloetzke@preh.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/usb/usbnet.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c
index 504282af27e5..921cc0571bd0 100644
--- a/drivers/net/usb/usbnet.c
+++ b/drivers/net/usb/usbnet.c
@@ -506,6 +506,7 @@ static int rx_submit (struct usbnet *dev, struct urb *urb, gfp_t flags)
if (netif_running (dev->net) &&
netif_device_present (dev->net) &&
+ test_bit(EVENT_DEV_OPEN, &dev->flags) &&
!test_bit (EVENT_RX_HALT, &dev->flags) &&
!test_bit (EVENT_DEV_ASLEEP, &dev->flags)) {
switch (retval = usb_submit_urb (urb, GFP_ATOMIC)) {
@@ -1431,6 +1432,11 @@ netdev_tx_t usbnet_start_xmit (struct sk_buff *skb,
spin_unlock_irqrestore(&dev->txq.lock, flags);
goto drop;
}
+ if (netif_queue_stopped(net)) {
+ usb_autopm_put_interface_async(dev->intf);
+ spin_unlock_irqrestore(&dev->txq.lock, flags);
+ goto drop;
+ }
#ifdef CONFIG_PM
/* if this triggers the device is still a sleep */
--
2.20.1
From 9f80d4f90aae159499761c2dbcadd205a9f338d1 Mon Sep 17 00:00:00 2001
From: Parav Pandit <parav@mellanox.com>
Date: Fri, 10 May 2019 10:26:23 -0500
Subject: [PATCH 21/38] net/mlx5: Avoid double free in fs init error unwinding
path
[ Upstream commit 9414277a5df3669c67e818708c0f881597e0118e ]
In below code flow, for ingress acl table root ns memory leads
to double free.
mlx5_init_fs
init_ingress_acls_root_ns()
init_ingress_acl_root_ns
kfree(steering->esw_ingress_root_ns);
/* steering->esw_ingress_root_ns is not marked NULL */
mlx5_cleanup_fs
cleanup_ingress_acls_root_ns
steering->esw_ingress_root_ns non NULL check passes.
kfree(steering->esw_ingress_root_ns);
/* double free */
Similar issue exist for other tables.
Hence zero out the pointers to not process the table again.
Fixes: 9b93ab981e3bf ("net/mlx5: Separate ingress/egress namespaces for each vport")
Fixes: 40c3eebb49e51 ("net/mlx5: Add support in RDMA RX steering")
Signed-off-by: Parav Pandit <parav@mellanox.com>
Reviewed-by: Mark Bloch <markb@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
---
drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
index 581cc145795d..92df4c744e32 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
@@ -2429,6 +2429,7 @@ static void cleanup_egress_acls_root_ns(struct mlx5_core_dev *dev)
cleanup_root_ns(steering->esw_egress_root_ns[i]);
kfree(steering->esw_egress_root_ns);
+ steering->esw_egress_root_ns = NULL;
}
static void cleanup_ingress_acls_root_ns(struct mlx5_core_dev *dev)
@@ -2443,6 +2444,7 @@ static void cleanup_ingress_acls_root_ns(struct mlx5_core_dev *dev)
cleanup_root_ns(steering->esw_ingress_root_ns[i]);
kfree(steering->esw_ingress_root_ns);
+ steering->esw_ingress_root_ns = NULL;
}
void mlx5_cleanup_fs(struct mlx5_core_dev *dev)
@@ -2611,6 +2613,7 @@ static int init_egress_acls_root_ns(struct mlx5_core_dev *dev)
for (i--; i >= 0; i--)
cleanup_root_ns(steering->esw_egress_root_ns[i]);
kfree(steering->esw_egress_root_ns);
+ steering->esw_egress_root_ns = NULL;
return err;
}
@@ -2638,6 +2641,7 @@ static int init_ingress_acls_root_ns(struct mlx5_core_dev *dev)
for (i--; i >= 0; i--)
cleanup_root_ns(steering->esw_ingress_root_ns[i]);
kfree(steering->esw_ingress_root_ns);
+ steering->esw_ingress_root_ns = NULL;
return err;
}
--
2.20.1
From 9f611399aecd43755ef63c55a61c75d592fec41e Mon Sep 17 00:00:00 2001
From: Chris Packham <chris.packham@alliedtelesis.co.nz>
Date: Mon, 20 May 2019 15:45:36 +1200
Subject: [PATCH 22/38] tipc: Avoid copying bytes beyond the supplied data
TLV_SET is called with a data pointer and a len parameter that tells us
how many bytes are pointed to by data. When invoking memcpy() we need
to careful to only copy len bytes.
Previously we would copy TLV_LENGTH(len) bytes which would copy an extra
4 bytes past the end of the data pointer which newer GCC versions
complain about.
In file included from test.c:17:
In function 'TLV_SET',
inlined from 'test' at test.c:186:5:
/usr/include/linux/tipc_config.h:317:3:
warning: 'memcpy' forming offset [33, 36] is out of the bounds [0, 32]
of object 'bearer_name' with type 'char[32]' [-Warray-bounds]
memcpy(TLV_DATA(tlv_ptr), data, tlv_len);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
test.c: In function 'test':
test.c::161:10: note:
'bearer_name' declared here
char bearer_name[TIPC_MAX_BEARER_NAME];
^~~~~~~~~~~
We still want to ensure any padding bytes at the end are initialised, do
this with a explicit memset() rather than copy bytes past the end of
data. Apply the same logic to TCM_SET.
Signed-off-by: Chris Packham <chris.packham@alliedtelesis.co.nz>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
include/uapi/linux/tipc_config.h | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/include/uapi/linux/tipc_config.h b/include/uapi/linux/tipc_config.h
index 4b2c93b1934c..4955e1a9f1bc 100644
--- a/include/uapi/linux/tipc_config.h
+++ b/include/uapi/linux/tipc_config.h
@@ -307,8 +307,10 @@ static inline int TLV_SET(void *tlv, __u16 type, void *data, __u16 len)
tlv_ptr = (struct tlv_desc *)tlv;
tlv_ptr->tlv_type = htons(type);
tlv_ptr->tlv_len = htons(tlv_len);
- if (len && data)
- memcpy(TLV_DATA(tlv_ptr), data, tlv_len);
+ if (len && data) {
+ memcpy(TLV_DATA(tlv_ptr), data, len);
+ memset(TLV_DATA(tlv_ptr) + len, 0, TLV_SPACE(len) - tlv_len);
+ }
return TLV_SPACE(len);
}
@@ -405,8 +407,10 @@ static inline int TCM_SET(void *msg, __u16 cmd, __u16 flags,
tcm_hdr->tcm_len = htonl(msg_len);
tcm_hdr->tcm_type = htons(cmd);
tcm_hdr->tcm_flags = htons(flags);
- if (data_len && data)
+ if (data_len && data) {
memcpy(TCM_DATA(msg), data, data_len);
+ memset(TCM_DATA(msg) + data_len, 0, TCM_SPACE(data_len) - msg_len);
+ }
return TCM_SPACE(data_len);
}
--
2.20.1
From 790a757e76a49ced4531aa707755cbea0abe6b5e Mon Sep 17 00:00:00 2001
From: Parav Pandit <parav@mellanox.com>
Date: Fri, 10 May 2019 10:40:08 -0500
Subject: [PATCH 23/38] net/mlx5: Allocate root ns memory using kzalloc to
match kfree
[ Upstream commit 25fa506b70cadb580c1e9cbd836d6417276d4bcd ]
root ns is yet another fs core node which is freed using kfree() by
tree_put_node().
Rest of the other fs core objects are also allocated using kmalloc
variants.
However, root ns memory is allocated using kvzalloc().
Hence allocate root ns memory using kzalloc().
Fixes: 2530236303d9e ("net/mlx5_core: Flow steering tree initialization")
Signed-off-by: Parav Pandit <parav@mellanox.com>
Reviewed-by: Daniel Jurgens <danielj@mellanox.com>
Reviewed-by: Mark Bloch <markb@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
---
drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
index 92df4c744e32..e29e5beb239d 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
@@ -2286,7 +2286,7 @@ static struct mlx5_flow_root_namespace
cmds = mlx5_fs_cmd_get_default_ipsec_fpga_cmds(table_type);
/* Create the root namespace */
- root_ns = kvzalloc(sizeof(*root_ns), GFP_KERNEL);
+ root_ns = kzalloc(sizeof(*root_ns), GFP_KERNEL);
if (!root_ns)
return NULL;
--
2.20.1
From 2d2697386f2e4a11e896025ba9fa779cfe3d110d Mon Sep 17 00:00:00 2001
From: Saeed Mahameed <saeedm@mellanox.com>
Date: Thu, 23 May 2019 12:55:10 -0700
Subject: [PATCH 24/38] net/mlx5e: Disable rxhash when CQE compress is enabled
[ Upstream commit c0194e2d0ef0e5ce5e21a35640d23a706827ae28 ]
When CQE compression is enabled (Multi-host systems), compressed CQEs
might arrive to the driver rx, compressed CQEs don't have a valid hash
offload and the driver already reports a hash value of 0 and invalid hash
type on the skb for compressed CQEs, but this is not good enough.
On a congested PCIe, where CQE compression will kick in aggressively,
gro will deliver lots of out of order packets due to the invalid hash
and this might cause a serious performance drop.
The only valid solution, is to disable rxhash offload at all when CQE
compression is favorable (Multi-host systems).
Fixes: 7219ab34f184 ("net/mlx5e: CQE compression")
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
---
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
index 46157e2a1e5a..1e2688e2ed47 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
@@ -3750,6 +3750,12 @@ static netdev_features_t mlx5e_fix_features(struct net_device *netdev,
netdev_warn(netdev, "Disabling LRO, not supported in legacy RQ\n");
}
+ if (MLX5E_GET_PFLAG(params, MLX5E_PFLAG_RX_CQE_COMPRESS)) {
+ features &= ~NETIF_F_RXHASH;
+ if (netdev->features & NETIF_F_RXHASH)
+ netdev_warn(netdev, "Disabling rxhash, not supported when CQE compress is active\n");
+ }
+
mutex_unlock(&priv->state_lock);
return features;
@@ -3875,6 +3881,9 @@ int mlx5e_hwstamp_set(struct mlx5e_priv *priv, struct ifreq *ifr)
memcpy(&priv->tstamp, &config, sizeof(config));
mutex_unlock(&priv->state_lock);
+ /* might need to fix some features */
+ netdev_update_features(priv->netdev);
+
return copy_to_user(ifr->ifr_data, &config,
sizeof(config)) ? -EFAULT : 0;
}
@@ -4734,6 +4743,10 @@ static void mlx5e_build_nic_netdev(struct net_device *netdev)
if (!priv->channels.params.scatter_fcs_en)
netdev->features &= ~NETIF_F_RXFCS;
+ /* prefere CQE compression over rxhash */
+ if (MLX5E_GET_PFLAG(&priv->channels.params, MLX5E_PFLAG_RX_CQE_COMPRESS))
+ netdev->features &= ~NETIF_F_RXHASH;
+
#define FT_CAP(f) MLX5_CAP_FLOWTABLE(mdev, flow_table_properties_nic_receive.f)
if (FT_CAP(flow_modify_en) &&
FT_CAP(modify_root) &&
--
2.20.1
From b2f4e2d854863e216e5f484caf1e3b5b312d2fa2 Mon Sep 17 00:00:00 2001
From: "Tan, Tee Min" <tee.min.tan@intel.com>
Date: Tue, 21 May 2019 12:55:42 +0800
Subject: [PATCH 25/38] net: stmmac: fix ethtool flow control not able to
get/set
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Currently ethtool was not able to get/set the flow control due to a
missing "!". It will always return -EOPNOTSUPP even the device is
flow control supported.
This patch fixes the condition check for ethtool flow control get/set
function for ETHTOOL_LINK_MODE_Asym_Pause_BIT.
Fixes: 3c1bcc8614db (“net: ethernet: Convert phydev advertize and supported from u32 to link mode”)
Signed-off-by: Tan, Tee Min <tee.min.tan@intel.com>
Reviewed-by: Ong Boon Leong <boon.leong.ong@intel.com>
Signed-off-by: Voon, Weifeng <weifeng.voon@intel.com@intel.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c
index 3c749c327cbd..e09522c5509a 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c
@@ -460,7 +460,7 @@ stmmac_get_pauseparam(struct net_device *netdev,
} else {
if (!linkmode_test_bit(ETHTOOL_LINK_MODE_Pause_BIT,
netdev->phydev->supported) ||
- linkmode_test_bit(ETHTOOL_LINK_MODE_Asym_Pause_BIT,
+ !linkmode_test_bit(ETHTOOL_LINK_MODE_Asym_Pause_BIT,
netdev->phydev->supported))
return;
}
@@ -491,7 +491,7 @@ stmmac_set_pauseparam(struct net_device *netdev,
} else {
if (!linkmode_test_bit(ETHTOOL_LINK_MODE_Pause_BIT,
phy->supported) ||
- linkmode_test_bit(ETHTOOL_LINK_MODE_Asym_Pause_BIT,
+ !linkmode_test_bit(ETHTOOL_LINK_MODE_Asym_Pause_BIT,
phy->supported))
return -EOPNOTSUPP;
}
--
2.20.1
From fecbea67df3acd4958d77a49664bf16f0c35399e Mon Sep 17 00:00:00 2001
From: Weifeng Voon <weifeng.voon@intel.com>
Date: Tue, 21 May 2019 13:38:38 +0800
Subject: [PATCH 26/38] net: stmmac: dma channel control register need to be
init first
stmmac_init_chan() needs to be called before stmmac_init_rx_chan() and
stmmac_init_tx_chan(). This is because if PBLx8 is to be used,
"DMA_CH(#i)_Control.PBLx8" needs to be set before programming
"DMA_CH(#i)_TX_Control.TxPBL" and "DMA_CH(#i)_RX_Control.RxPBL".
Fixes: 47f2a9ce527a ("net: stmmac: dma channel init prepared for multiple queues")
Reviewed-by: Zhang, Baoli <baoli.zhang@intel.com>
Signed-off-by: Ong Boon Leong <boon.leong.ong@intel.com>
Signed-off-by: Weifeng Voon <weifeng.voon@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
index 48712437d0da..3c409862c52e 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
@@ -2208,6 +2208,10 @@ static int stmmac_init_dma_engine(struct stmmac_priv *priv)
if (priv->plat->axi)
stmmac_axi(priv, priv->ioaddr, priv->plat->axi);
+ /* DMA CSR Channel configuration */
+ for (chan = 0; chan < dma_csr_ch; chan++)
+ stmmac_init_chan(priv, priv->ioaddr, priv->plat->dma_cfg, chan);
+
/* DMA RX Channel Configuration */
for (chan = 0; chan < rx_channels_count; chan++) {
rx_q = &priv->rx_queue[chan];
@@ -2233,10 +2237,6 @@ static int stmmac_init_dma_engine(struct stmmac_priv *priv)
tx_q->tx_tail_addr, chan);
}
- /* DMA CSR Channel configuration */
- for (chan = 0; chan < dma_csr_ch; chan++)
- stmmac_init_chan(priv, priv->ioaddr, priv->plat->dma_cfg, chan);
-
return ret;
}
--
2.20.1
From 4868f9b90ed3e87d526b758f1fa49b1083dd6a08 Mon Sep 17 00:00:00 2001
From: Michael Chan <michael.chan@broadcom.com>
Date: Wed, 22 May 2019 19:12:54 -0400
Subject: [PATCH 27/38] bnxt_en: Fix aggregation buffer leak under OOM
condition.
[ Upstream commit 296d5b54163964b7ae536b8b57dfbd21d4e868e1 ]
For every RX packet, the driver replenishes all buffers used for that
packet and puts them back into the RX ring and RX aggregation ring.
In one code path where the RX packet has one RX buffer and one or more
aggregation buffers, we missed recycling the aggregation buffer(s) if
we are unable to allocate a new SKB buffer. This leads to the
aggregation ring slowly running out of buffers over time. Fix it
by properly recycling the aggregation buffers.
Fixes: c0c050c58d84 ("bnxt_en: New Broadcom ethernet driver.")
Reported-by: Rakesh Hemnani <rhemnani@fb.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 52ade133b57c..0519d79e500b 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -1640,6 +1640,8 @@ static int bnxt_rx_pkt(struct bnxt *bp, struct bnxt_cp_ring_info *cpr,
skb = bnxt_copy_skb(bnapi, data_ptr, len, dma_addr);
bnxt_reuse_rx_data(rxr, cons, data);
if (!skb) {
+ if (agg_bufs)
+ bnxt_reuse_rx_agg_bufs(cpr, cp_cons, agg_bufs);
rc = -ENOMEM;
goto next_rx;
}
--
2.20.1
From d6ae8d374bd217f186d72be2f8c82cd160bbebba Mon Sep 17 00:00:00 2001
From: Michael Chan <michael.chan@broadcom.com>
Date: Wed, 22 May 2019 19:12:55 -0400
Subject: [PATCH 28/38] bnxt_en: Fix possible BUG() condition when calling
pci_disable_msix().
[ Upstream commit 1b3f0b75c39f534278a895c117282014e9d0ae1f ]
When making configuration changes, the driver calls bnxt_close_nic()
and then bnxt_open_nic() for the changes to take effect. A parameter
irq_re_init is passed to the call sequence to indicate if IRQ
should be re-initialized. This irq_re_init parameter needs to
be included in the bnxt_reserve_rings() call. bnxt_reserve_rings()
can only call pci_disable_msix() if the irq_re_init parameter is
true, otherwise it may hit BUG() because some IRQs may not have been
freed yet.
Fixes: 41e8d7983752 ("bnxt_en: Modify the ring reservation functions for 57500 series chips.")
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 13 +++++++------
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c | 2 +-
4 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 0519d79e500b..96567c7e8fc5 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -7514,22 +7514,23 @@ static void bnxt_clear_int_mode(struct bnxt *bp)
bp->flags &= ~BNXT_FLAG_USING_MSIX;
}
-int bnxt_reserve_rings(struct bnxt *bp)
+int bnxt_reserve_rings(struct bnxt *bp, bool irq_re_init)
{
int tcs = netdev_get_num_tc(bp->dev);
- bool reinit_irq = false;
+ bool irq_cleared = false;
int rc;
if (!bnxt_need_reserve_rings(bp))
return 0;
- if (BNXT_NEW_RM(bp) && (bnxt_get_num_msix(bp) != bp->total_irqs)) {
+ if (irq_re_init && BNXT_NEW_RM(bp) &&
+ bnxt_get_num_msix(bp) != bp->total_irqs) {
bnxt_ulp_irq_stop(bp);
bnxt_clear_int_mode(bp);
- reinit_irq = true;
+ irq_cleared = true;
}
rc = __bnxt_reserve_rings(bp);
- if (reinit_irq) {
+ if (irq_cleared) {
if (!rc)
rc = bnxt_init_int_mode(bp);
bnxt_ulp_irq_restart(bp, rc);
@@ -8428,7 +8429,7 @@ static int __bnxt_open_nic(struct bnxt *bp, bool irq_re_init, bool link_re_init)
return rc;
}
}
- rc = bnxt_reserve_rings(bp);
+ rc = bnxt_reserve_rings(bp, irq_re_init);
if (rc)
return rc;
if ((bp->flags & BNXT_FLAG_RFS) &&
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index cf81ace7a6e6..2305e6c943b4 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -1778,7 +1778,7 @@ unsigned int bnxt_get_avail_stat_ctxs_for_en(struct bnxt *bp);
unsigned int bnxt_get_max_func_cp_rings(struct bnxt *bp);
unsigned int bnxt_get_avail_cp_rings_for_en(struct bnxt *bp);
int bnxt_get_avail_msix(struct bnxt *bp, int num);
-int bnxt_reserve_rings(struct bnxt *bp);
+int bnxt_reserve_rings(struct bnxt *bp, bool irq_re_init);
void bnxt_tx_disable(struct bnxt *bp);
void bnxt_tx_enable(struct bnxt *bp);
int bnxt_hwrm_set_pause(struct bnxt *);
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
index adabbe94a259..e1460e391952 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
@@ -788,7 +788,7 @@ static int bnxt_set_channels(struct net_device *dev,
*/
}
} else {
- rc = bnxt_reserve_rings(bp);
+ rc = bnxt_reserve_rings(bp, true);
}
return rc;
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c
index cf475873ce81..bfa342a98d08 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c
@@ -147,7 +147,7 @@ static int bnxt_req_msix_vecs(struct bnxt_en_dev *edev, int ulp_id,
bnxt_close_nic(bp, true, false);
rc = bnxt_open_nic(bp, true, false);
} else {
- rc = bnxt_reserve_rings(bp);
+ rc = bnxt_reserve_rings(bp, true);
}
}
if (rc) {
--
2.20.1
From 35f72a7d992b822c47026ffe4765a2339ae3f755 Mon Sep 17 00:00:00 2001
From: Michael Chan <michael.chan@broadcom.com>
Date: Wed, 22 May 2019 19:12:56 -0400
Subject: [PATCH 29/38] bnxt_en: Reduce memory usage when running in kdump
kernel.
[ Upstream commit d629522e1d66561f38e5c8d4f52bb6d254ec0707 ]
Skip RDMA context memory allocations, reduce to 1 ring, and disable
TPA when running in the kdump kernel. Without this patch, the driver
fails to initialize with memory allocation errors when running in a
typical kdump kernel.
Fixes: cf6daed098d1 ("bnxt_en: Increase context memory allocations on 57500 chips for RDMA.")
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 ++--
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 4 +++-
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 96567c7e8fc5..30cafe4cdb6e 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -6342,7 +6342,7 @@ static int bnxt_alloc_ctx_mem(struct bnxt *bp)
if (!ctx || (ctx->flags & BNXT_CTX_FLAG_INITED))
return 0;
- if (bp->flags & BNXT_FLAG_ROCE_CAP) {
+ if ((bp->flags & BNXT_FLAG_ROCE_CAP) && !is_kdump_kernel()) {
pg_lvl = 2;
extra_qps = 65536;
extra_srqs = 8192;
@@ -10340,7 +10340,7 @@ static int bnxt_set_dflt_rings(struct bnxt *bp, bool sh)
if (sh)
bp->flags |= BNXT_FLAG_SHARED_RINGS;
- dflt_rings = netif_get_num_default_rss_queues();
+ dflt_rings = is_kdump_kernel() ? 1 : netif_get_num_default_rss_queues();
/* Reduce default rings on multi-port cards so that total default
* rings do not exceed CPU count.
*/
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index 2305e6c943b4..0fb93280ad4e 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -20,6 +20,7 @@
#include <linux/interrupt.h>
#include <linux/rhashtable.h>
+#include <linux/crash_dump.h>
#include <net/devlink.h>
#include <net/dst_metadata.h>
#include <net/xdp.h>
@@ -1367,7 +1368,8 @@ struct bnxt {
#define BNXT_CHIP_TYPE_NITRO_A0(bp) ((bp)->flags & BNXT_FLAG_CHIP_NITRO_A0)
#define BNXT_RX_PAGE_MODE(bp) ((bp)->flags & BNXT_FLAG_RX_PAGE_MODE)
#define BNXT_SUPPORTS_TPA(bp) (!BNXT_CHIP_TYPE_NITRO_A0(bp) && \
- !(bp->flags & BNXT_FLAG_CHIP_P5))
+ !(bp->flags & BNXT_FLAG_CHIP_P5) && \
+ !is_kdump_kernel())
/* Chip class phase 5 */
#define BNXT_CHIP_P5(bp) \
--
2.20.1
From 74c4f58233de47c9b3506ba5394626b99237b85d Mon Sep 17 00:00:00 2001
From: Jakub Kicinski <jakub.kicinski@netronome.com>
Date: Fri, 24 May 2019 10:34:30 -0700
Subject: [PATCH 30/38] net/tls: fix lowat calculation if some data came from
previous record
[ Upstream commit 46a1695960d0600d58da7af33c65f24f3d839674 ]
If some of the data came from the previous record, i.e. from
the rx_list it had already been decrypted, so it's not counted
towards the "decrypted" variable, but the "copied" variable.
Take that into account when checking lowat.
When calculating lowat target we need to pass the original len.
E.g. if lowat is at 80, len is 100 and we had 30 bytes on rx_list
target would currently be incorrectly calculated as 70, even though
we only need 50 more bytes to make up the 80.
Fixes: 692d7b5d1f91 ("tls: Fix recvmsg() to be able to peek across multiple records")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
Tested-by: David Beckett <david.beckett@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/tls/tls_sw.c | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 29d6af43dd24..467c68503799 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1685,13 +1685,12 @@ int tls_sw_recvmsg(struct sock *sk,
copied = err;
}
- len = len - copied;
- if (len) {
- target = sock_rcvlowat(sk, flags & MSG_WAITALL, len);
- timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
- } else {
+ if (len <= copied)
goto recv_end;
- }
+
+ target = sock_rcvlowat(sk, flags & MSG_WAITALL, len);
+ len = len - copied;
+ timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
do {
bool retain_skb = false;
@@ -1826,7 +1825,7 @@ int tls_sw_recvmsg(struct sock *sk,
}
/* If we have a new message from strparser, continue now. */
- if (decrypted >= target && !ctx->recv_pkt)
+ if (decrypted + copied >= target && !ctx->recv_pkt)
break;
} while (len);
--
2.20.1
From f032178cfd5d7f7fa7dcb655d9999d31c21a34d9 Mon Sep 17 00:00:00 2001
From: Jakub Kicinski <jakub.kicinski@netronome.com>
Date: Fri, 24 May 2019 10:34:31 -0700
Subject: [PATCH 31/38] selftests/tls: test for lowat overshoot with multiple
records
[ Upstream commit 7718a855cd7ae9fc27a2aa1532ee105d52eb7634 ]
Set SO_RCVLOWAT and test it gets respected when gathering
data from multiple records.
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
tools/testing/selftests/net/tls.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/net/tls.c
index 47ddfc154036..01efbcd2258c 100644
--- a/tools/testing/selftests/net/tls.c
+++ b/tools/testing/selftests/net/tls.c
@@ -575,6 +575,25 @@ TEST_F(tls, recv_peek_large_buf_mult_recs)
EXPECT_EQ(memcmp(test_str, buf, len), 0);
}
+TEST_F(tls, recv_lowat)
+{
+ char send_mem[10] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
+ char recv_mem[20];
+ int lowat = 8;
+
+ EXPECT_EQ(send(self->fd, send_mem, 10, 0), 10);
+ EXPECT_EQ(send(self->fd, send_mem, 5, 0), 5);
+
+ memset(recv_mem, 0, 20);
+ EXPECT_EQ(setsockopt(self->cfd, SOL_SOCKET, SO_RCVLOWAT,
+ &lowat, sizeof(lowat)), 0);
+ EXPECT_EQ(recv(self->cfd, recv_mem, 1, MSG_WAITALL), 1);
+ EXPECT_EQ(recv(self->cfd, recv_mem + 1, 6, MSG_WAITALL), 6);
+ EXPECT_EQ(recv(self->cfd, recv_mem + 7, 10, 0), 8);
+
+ EXPECT_EQ(memcmp(send_mem, recv_mem, 10), 0);
+ EXPECT_EQ(memcmp(send_mem, recv_mem + 10, 5), 0);
+}
TEST_F(tls, pollin)
{
--
2.20.1
From 7046edfac25c54c0d1d68abdac08169bf2465d90 Mon Sep 17 00:00:00 2001
From: Jakub Kicinski <jakub.kicinski@netronome.com>
Date: Fri, 24 May 2019 10:34:32 -0700
Subject: [PATCH 32/38] net/tls: fix no wakeup on partial reads
[ Upstream commit 04b25a5411f966c2e586909a8496553b71876fae ]
When tls_sw_recvmsg() partially copies a record it pops that
record from ctx->recv_pkt and places it on rx_list.
Next iteration of tls_sw_recvmsg() reads from rx_list via
process_rx_list() before it enters the decryption loop.
If there is no more records to be read tls_wait_data()
will put the process on the wait queue and got to sleep.
This is incorrect, because some data was already copied
in process_rx_list().
In case of RPC connections process may never get woken up,
because peer also simply blocks in read().
I think this may also fix a similar issue when BPF is at
play, because after __tcp_bpf_recvmsg() returns some data
we subtract it from len and use continue to restart the
loop, but len could have just reached 0, so again we'd
sleep unnecessarily. That's added by:
commit d3b18ad31f93 ("tls: add bpf support to sk_msg handling")
Fixes: 692d7b5d1f91 ("tls: Fix recvmsg() to be able to peek across multiple records")
Reported-by: David Beckett <david.beckett@netronome.com>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
Tested-by: David Beckett <david.beckett@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/tls/tls_sw.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 467c68503799..d350ff73a391 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1692,7 +1692,7 @@ int tls_sw_recvmsg(struct sock *sk,
len = len - copied;
timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
- do {
+ while (len && (decrypted + copied < target || ctx->recv_pkt)) {
bool retain_skb = false;
bool zc = false;
int to_decrypt;
@@ -1823,11 +1823,7 @@ int tls_sw_recvmsg(struct sock *sk,
} else {
break;
}
-
- /* If we have a new message from strparser, continue now. */
- if (decrypted + copied >= target && !ctx->recv_pkt)
- break;
- } while (len);
+ }
recv_end:
if (num_async) {
--
2.20.1
From 2d47f6eb72072125b62c53eadfeb386bd73f97a0 Mon Sep 17 00:00:00 2001
From: Jakub Kicinski <jakub.kicinski@netronome.com>
Date: Fri, 24 May 2019 10:34:33 -0700
Subject: [PATCH 33/38] selftests/tls: add test for sleeping even though there
is data
[ Upstream commit 043556d0917a1a5ea58795fe1656a2bce06d2649 ]
Add a test which sends 15 bytes of data, and then tries
to read 10 byes twice. Previously the second read would
sleep indifinitely, since the record was already decrypted
and there is only 5 bytes left, not full 10.
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
tools/testing/selftests/net/tls.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/net/tls.c
index 01efbcd2258c..278c86134556 100644
--- a/tools/testing/selftests/net/tls.c
+++ b/tools/testing/selftests/net/tls.c
@@ -442,6 +442,21 @@ TEST_F(tls, multiple_send_single_recv)
EXPECT_EQ(memcmp(send_mem, recv_mem + send_len, send_len), 0);
}
+TEST_F(tls, single_send_multiple_recv_non_align)
+{
+ const unsigned int total_len = 15;
+ const unsigned int recv_len = 10;
+ char recv_mem[recv_len * 2];
+ char send_mem[total_len];
+
+ EXPECT_GE(send(self->fd, send_mem, total_len, 0), 0);
+ memset(recv_mem, 0, total_len);
+
+ EXPECT_EQ(recv(self->cfd, recv_mem, recv_len, 0), recv_len);
+ EXPECT_EQ(recv(self->cfd, recv_mem + recv_len, recv_len, 0), 5);
+ EXPECT_EQ(memcmp(send_mem, recv_mem, total_len), 0);
+}
+
TEST_F(tls, recv_partial)
{
char const *test_str = "test_read_partial";
--
2.20.1
From 8ca102363de971c09f27b0d09d28128bf0bb66f0 Mon Sep 17 00:00:00 2001
From: Jakub Kicinski <jakub.kicinski@netronome.com>
Date: Tue, 21 May 2019 19:02:00 -0700
Subject: [PATCH 34/38] net/tls: avoid NULL-deref on resync during device
removal
[ Upstream commit 38030d7cb77963ba84cdbe034806e2b81245339f ]
When netdev with active kTLS sockets in unregistered
notifier callback walks the offloaded sockets and
cleans up offload state. RX data may still be processed,
however, and if resync was requested prior to device
removal we would hit a NULL pointer dereference on
ctx->netdev use.
Make sure resync is under the device offload lock
and NULL-check the netdev pointer.
This should be safe, because the pointer is set to
NULL either in the netdev notifier (under said lock)
or when socket is completely dead and no resync can
happen.
The other access to ctx->netdev in tls_validate_xmit_skb()
does not dereference the pointer, it just checks it against
other device pointer, so it should be pretty safe (perhaps
we can add a READ_ONCE/WRITE_ONCE there, if paranoid).
Fixes: 4799ac81e52a ("tls: Add rx inline crypto offload")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/tls/tls_device.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c
index 14dedb24fa7b..c9c1891e8201 100644
--- a/net/tls/tls_device.c
+++ b/net/tls/tls_device.c
@@ -573,8 +573,8 @@ void tls_device_write_space(struct sock *sk, struct tls_context *ctx)
void handle_device_resync(struct sock *sk, u32 seq, u64 rcd_sn)
{
struct tls_context *tls_ctx = tls_get_ctx(sk);
- struct net_device *netdev = tls_ctx->netdev;
struct tls_offload_context_rx *rx_ctx;
+ struct net_device *netdev;
u32 is_req_pending;
s64 resync_req;
u32 req_seq;
@@ -588,10 +588,15 @@ void handle_device_resync(struct sock *sk, u32 seq, u64 rcd_sn)
is_req_pending = resync_req;
if (unlikely(is_req_pending) && req_seq == seq &&
- atomic64_try_cmpxchg(&rx_ctx->resync_req, &resync_req, 0))
- netdev->tlsdev_ops->tls_dev_resync_rx(netdev, sk,
- seq + TLS_HEADER_SIZE - 1,
- rcd_sn);
+ atomic64_try_cmpxchg(&rx_ctx->resync_req, &resync_req, 0)) {
+ seq += TLS_HEADER_SIZE - 1;
+ down_read(&device_offload_lock);
+ netdev = tls_ctx->netdev;
+ if (netdev)
+ netdev->tlsdev_ops->tls_dev_resync_rx(netdev, sk, seq,
+ rcd_sn);
+ up_read(&device_offload_lock);
+ }
}
static int tls_device_reencrypt(struct sock *sk, struct sk_buff *skb)
--
2.20.1
From 9cc57a32209531dfae3120dddf14c83e71cbd1cb Mon Sep 17 00:00:00 2001
From: Jakub Kicinski <jakub.kicinski@netronome.com>
Date: Tue, 21 May 2019 19:02:01 -0700
Subject: [PATCH 35/38] net/tls: fix state removal with feature flags off
[ Upstream commit 3686637e507b48525fcea6fb91e1988bdbc14530 ]
TLS offload drivers shouldn't (and currently don't) block
the TLS offload feature changes based on whether there are
active offloaded connections or not.
This seems to be a good idea, because we want the admin to
be able to disable the TLS offload at any time, and there
is no clean way of disabling it for active connections
(TX side is quite problematic). So if features are cleared
existing connections will stay offloaded until they close,
and new connections will not attempt offload to a given
device.
However, the offload state removal handling is currently
broken if feature flags get cleared while there are
active TLS offloads.
RX side will completely bail from cleanup, even on normal
remove path, leaving device state dangling, potentially
causing issues when the 5-tuple is reused. It will also
fail to release the netdev reference.
Remove the RX-side warning message, in next release cycle
it should be printed when features are disabled, rather
than when connection dies, but for that we need a more
efficient method of finding connection of a given netdev
(a'la BPF offload code).
Fixes: 4799ac81e52a ("tls: Add rx inline crypto offload")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/tls/tls_device.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c
index c9c1891e8201..e9547322e24a 100644
--- a/net/tls/tls_device.c
+++ b/net/tls/tls_device.c
@@ -948,12 +948,6 @@ void tls_device_offload_cleanup_rx(struct sock *sk)
if (!netdev)
goto out;
- if (!(netdev->features & NETIF_F_HW_TLS_RX)) {
- pr_err_ratelimited("%s: device is missing NETIF_F_HW_TLS_RX cap\n",
- __func__);
- goto out;
- }
-
netdev->tlsdev_ops->tls_dev_del(netdev, tls_ctx,
TLS_OFFLOAD_CTX_DIR_RX);
--
2.20.1
From 0e69f58a18093ddd2f4f6486974ff6f092e9cbb7 Mon Sep 17 00:00:00 2001
From: Jakub Kicinski <jakub.kicinski@netronome.com>
Date: Tue, 21 May 2019 19:02:02 -0700
Subject: [PATCH 36/38] net/tls: don't ignore netdev notifications if no TLS
features
[ Upstream commit c3f4a6c39cf269a40d45f813c05fa830318ad875 ]
On device surprise removal path (the notifier) we can't
bail just because the features are disabled. They may
have been enabled during the lifetime of the device.
This bug leads to leaking netdev references and
use-after-frees if there are active connections while
device features are cleared.
Fixes: e8f69799810c ("net/tls: Add generic NIC offload infrastructure")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/tls/tls_device.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c
index e9547322e24a..b443840e82b8 100644
--- a/net/tls/tls_device.c
+++ b/net/tls/tls_device.c
@@ -1006,7 +1006,8 @@ static int tls_dev_event(struct notifier_block *this, unsigned long event,
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
- if (!(dev->features & (NETIF_F_HW_TLS_RX | NETIF_F_HW_TLS_TX)))
+ if (!dev->tlsdev_ops &&
+ !(dev->features & (NETIF_F_HW_TLS_RX | NETIF_F_HW_TLS_TX)))
return NOTIFY_DONE;
switch (event) {
--
2.20.1
From 132f56f8ec29e95495f7c86fee6d09aec12c770b Mon Sep 17 00:00:00 2001
From: Vishal Kulkarni <vishal@chelsio.com>
Date: Thu, 23 May 2019 08:07:21 +0530
Subject: [PATCH 37/38] cxgb4: Revert "cxgb4: Remove SGE_HOST_PAGE_SIZE
dependency on page size"
[ Upstream commit ab0610efabb4c4f419a531455708caf1dd29357e ]
This reverts commit 2391b0030e241386d710df10e53e2cfc3c5d4fc1 which has
introduced regression. Now SGE's BAR2 Doorbell/GTS Page Size is
interpreted correctly in the firmware itself by using actual host
page size. Hence previous commit needs to be reverted.
Signed-off-by: Vishal Kulkarni <vishal@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/drivers/net/ethernet/chelsio/cxgb4/t4_hw.c b/drivers/net/ethernet/chelsio/cxgb4/t4_hw.c
index a3544041ad32..8d63eed628d7 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/t4_hw.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/t4_hw.c
@@ -7206,10 +7206,21 @@ int t4_fixup_host_params(struct adapter *adap, unsigned int page_size,
unsigned int cache_line_size)
{
unsigned int page_shift = fls(page_size) - 1;
+ unsigned int sge_hps = page_shift - 10;
unsigned int stat_len = cache_line_size > 64 ? 128 : 64;
unsigned int fl_align = cache_line_size < 32 ? 32 : cache_line_size;
unsigned int fl_align_log = fls(fl_align) - 1;
+ t4_write_reg(adap, SGE_HOST_PAGE_SIZE_A,
+ HOSTPAGESIZEPF0_V(sge_hps) |
+ HOSTPAGESIZEPF1_V(sge_hps) |
+ HOSTPAGESIZEPF2_V(sge_hps) |
+ HOSTPAGESIZEPF3_V(sge_hps) |
+ HOSTPAGESIZEPF4_V(sge_hps) |
+ HOSTPAGESIZEPF5_V(sge_hps) |
+ HOSTPAGESIZEPF6_V(sge_hps) |
+ HOSTPAGESIZEPF7_V(sge_hps));
+
if (is_t4(adap->params.chip)) {
t4_set_reg_field(adap, SGE_CONTROL_A,
INGPADBOUNDARY_V(INGPADBOUNDARY_M) |
--
2.20.1
From a56bf38d03a5c14f31c9f314e2ab909d2c5d5f81 Mon Sep 17 00:00:00 2001
From: Willem de Bruijn <willemb@google.com>
Date: Thu, 30 May 2019 18:01:21 -0400
Subject: [PATCH 38/38] net: correct zerocopy refcnt with udp MSG_MORE
[ Upstream commit 100f6d8e09905c59be45b6316f8f369c0be1b2d8 ]
TCP zerocopy takes a uarg reference for every skb, plus one for the
tcp_sendmsg_locked datapath temporarily, to avoid reaching refcnt zero
as it builds, sends and frees skbs inside its inner loop.
UDP and RAW zerocopy do not send inside the inner loop so do not need
the extra sock_zerocopy_get + sock_zerocopy_put pair. Commit
52900d22288ed ("udp: elide zerocopy operation in hot path") introduced
extra_uref to pass the initial reference taken in sock_zerocopy_alloc
to the first generated skb.
But, sock_zerocopy_realloc takes this extra reference at the start of
every call. With MSG_MORE, no new skb may be generated to attach the
extra_uref to, so refcnt is incorrectly 2 with only one skb.
Do not take the extra ref if uarg && !tcp, which implies MSG_MORE.
Update extra_uref accordingly.
This conditional assignment triggers a false positive may be used
uninitialized warning, so have to initialize extra_uref at define.
Changes v1->v2: fix typo in Fixes SHA1
Fixes: 52900d22288e7 ("udp: elide zerocopy operation in hot path")
Reported-by: syzbot <syzkaller@googlegroups.com>
Diagnosed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/core/skbuff.c | 6 +++++-
net/ipv4/ip_output.c | 4 ++--
net/ipv6/ip6_output.c | 4 ++--
3 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 40796b8bf820..e5bfd42fd083 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -1001,7 +1001,11 @@ struct ubuf_info *sock_zerocopy_realloc(struct sock *sk, size_t size,
uarg->len++;
uarg->bytelen = bytelen;
atomic_set(&sk->sk_zckey, ++next);
- sock_zerocopy_get(uarg);
+
+ /* no extra ref when appending to datagram (MSG_MORE) */
+ if (sk->sk_type == SOCK_STREAM)
+ sock_zerocopy_get(uarg);
+
return uarg;
}
}
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index e8bb2e85c5a4..ac770940adb9 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -883,7 +883,7 @@ static int __ip_append_data(struct sock *sk,
int csummode = CHECKSUM_NONE;
struct rtable *rt = (struct rtable *)cork->dst;
unsigned int wmem_alloc_delta = 0;
- bool paged, extra_uref;
+ bool paged, extra_uref = false;
u32 tskey = 0;
skb = skb_peek_tail(queue);
@@ -923,7 +923,7 @@ static int __ip_append_data(struct sock *sk,
uarg = sock_zerocopy_realloc(sk, length, skb_zcopy(skb));
if (!uarg)
return -ENOBUFS;
- extra_uref = true;
+ extra_uref = !skb; /* only extra ref if !MSG_MORE */
if (rt->dst.dev->features & NETIF_F_SG &&
csummode == CHECKSUM_PARTIAL) {
paged = true;
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index e51f3c648b09..b5e0c85bcd57 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -1275,7 +1275,7 @@ static int __ip6_append_data(struct sock *sk,
int csummode = CHECKSUM_NONE;
unsigned int maxnonfragsize, headersize;
unsigned int wmem_alloc_delta = 0;
- bool paged, extra_uref;
+ bool paged, extra_uref = false;
skb = skb_peek_tail(queue);
if (!skb) {
@@ -1344,7 +1344,7 @@ static int __ip6_append_data(struct sock *sk,
uarg = sock_zerocopy_realloc(sk, length, skb_zcopy(skb));
if (!uarg)
return -ENOBUFS;
- extra_uref = true;
+ extra_uref = !skb; /* only extra ref if !MSG_MORE */
if (rt->dst.dev->features & NETIF_F_SG &&
csummode == CHECKSUM_PARTIAL) {
paged = true;
--
2.20.1
next reply other threads:[~2019-05-31 21:16 UTC|newest]
Thread overview: 1679+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-31 21:16 David Miller [this message]
2019-05-31 22:18 ` [GIT] Networking Greg KH
2019-05-31 23:49 ` David Miller
-- strict thread matches above, loose matches on Subject: below --
2021-07-22 13:11 David Miller
2021-07-22 18:00 ` pr-tracker-bot
2021-03-25 0:47 David Miller
2021-03-25 1:25 ` pr-tracker-bot
2021-02-18 2:52 David Miller
2021-02-21 2:57 ` pr-tracker-bot
2021-02-10 3:36 David Miller
2021-02-10 20:19 ` pr-tracker-bot
2020-10-05 5:07 David Miller
2020-10-05 20:15 ` pr-tracker-bot
2020-09-22 1:44 Jakub Kicinski
2020-09-22 22:02 ` Linus Torvalds
2020-09-22 22:17 ` Jakub Kicinski
2020-09-22 22:15 ` pr-tracker-bot
2020-09-04 0:03 David Miller
2020-09-04 2:09 ` pr-tracker-bot
2020-08-23 2:19 David Miller
2020-08-23 18:39 ` pr-tracker-bot
2020-08-17 22:15 David Miller
2020-08-18 1:35 ` pr-tracker-bot
2020-08-13 23:10 David Miller
2020-08-14 3:14 ` pr-tracker-bot
2020-08-06 1:55 David Miller
2020-08-06 17:19 ` pr-tracker-bot
2020-08-06 21:39 ` John Stultz
2020-08-06 23:17 ` Eric Dumazet
2020-08-06 23:28 ` Eric Dumazet
2020-08-07 0:32 ` John Stultz
2020-08-07 6:23 ` John Stultz
2020-08-07 6:48 ` John Stultz
2020-08-07 7:19 ` Christoph Hellwig
2020-08-07 18:29 ` John Stultz
2020-08-01 21:36 David Miller
2020-08-01 23:45 ` Linus Torvalds
2020-08-02 1:45 ` David Miller
2020-08-02 0:00 ` pr-tracker-bot
2020-07-25 5:12 David Miller
2020-07-25 22:30 ` pr-tracker-bot
2020-07-10 23:58 David Miller
2020-07-11 4:15 ` pr-tracker-bot
2020-06-25 23:43 David Miller
2020-06-26 1:40 ` pr-tracker-bot
2020-06-16 23:25 David Miller
2020-06-17 0:50 ` pr-tracker-bot
2020-06-13 22:54 David Miller
2020-06-13 23:35 ` pr-tracker-bot
2020-06-08 0:21 David Miller
2020-06-08 0:35 ` pr-tracker-bot
2020-06-03 0:11 David Miller
2020-06-08 20:30 ` pr-tracker-bot
2020-05-31 5:13 David Miller
2020-05-31 18:05 ` pr-tracker-bot
2020-05-24 0:06 David Miller
2020-05-24 0:20 ` pr-tracker-bot
2020-05-15 19:39 David Miller
2020-05-15 20:15 ` pr-tracker-bot
2020-05-07 3:40 David Miller
2020-05-07 4:05 ` pr-tracker-bot
2020-04-25 2:02 David Miller
2020-04-25 2:30 ` pr-tracker-bot
2020-04-16 21:19 David Miller
2020-04-16 22:15 ` pr-tracker-bot
2020-04-06 18:22 David Miller
2020-04-07 19:55 ` pr-tracker-bot
2020-04-04 23:55 Alejandro Colomar
2020-03-31 20:55 David Miller
2020-04-01 0:55 ` pr-tracker-bot
2020-03-29 1:39 David Miller
2020-03-29 2:03 ` Linus Torvalds
2020-03-29 22:52 ` David Miller
2020-03-29 22:54 ` Linus Torvalds
2020-03-30 21:18 ` Paul Bolle
2020-03-30 23:46 ` Randy Dunlap
2020-03-29 2:05 ` pr-tracker-bot
2020-03-25 20:24 David Miller
2020-03-25 21:20 ` pr-tracker-bot
2020-03-12 23:14 David Miller
2020-03-13 1:15 ` pr-tracker-bot
2020-02-27 22:12 David Miller
2020-02-28 0:50 ` pr-tracker-bot
2020-02-21 0:50 David Miller
2020-02-21 21:10 ` pr-tracker-bot
2020-02-14 15:54 David Miller
2020-02-14 21:40 ` pr-tracker-bot
2020-02-08 22:36 David Miller
2020-02-09 1:30 ` pr-tracker-bot
2020-02-04 12:25 David Miller
2020-02-04 13:40 ` pr-tracker-bot
2020-01-30 14:41 David Miller
2020-01-30 18:00 ` pr-tracker-bot
2020-01-28 16:25 David Miller
2020-01-29 0:09 ` Linus Torvalds
2020-01-29 19:42 ` Linus Torvalds
2020-01-30 1:21 ` Mat Martineau
2020-01-25 21:41 David Miller
2020-01-25 22:35 ` pr-tracker-bot
2020-01-19 15:39 David Miller
2020-01-19 20:20 ` pr-tracker-bot
2020-01-09 6:55 David Miller
2020-01-09 19:15 ` pr-tracker-bot
2019-12-31 8:57 David Miller
2019-12-31 19:45 ` pr-tracker-bot
2019-12-22 2:09 David Miller
2019-12-22 19:10 ` pr-tracker-bot
2019-12-27 22:13 ` Linus Torvalds
2019-12-27 22:22 ` David Miller
2019-12-08 9:20 David Miller
2019-12-08 21:35 ` Linus Torvalds
2019-12-08 23:11 ` David Miller
2019-12-08 21:40 ` pr-tracker-bot
2019-12-09 10:46 ` Geert Uytterhoeven
2019-12-02 0:05 David Miller
2019-12-02 4:40 ` pr-tracker-bot
2019-11-27 23:43 David Miller
2019-11-28 1:55 ` pr-tracker-bot
2019-11-26 0:01 David Miller
2019-11-26 4:25 ` pr-tracker-bot
2019-11-22 18:17 David Miller
2019-11-22 22:45 ` pr-tracker-bot
2019-11-16 21:33 David Miller
2019-11-17 0:00 ` pr-tracker-bot
2019-11-19 13:01 ` Geert Uytterhoeven
2019-11-19 13:14 ` Yuehaibing
2019-11-09 1:34 David Miller
2019-11-09 2:35 ` pr-tracker-bot
2019-11-05 1:51 David Miller
2019-11-06 15:43 ` Greg KH
2019-11-01 23:50 David Miller
2019-11-02 1:10 ` pr-tracker-bot
2019-10-19 19:39 David Miller
2019-10-20 0:35 ` pr-tracker-bot
2019-10-05 1:47 David Miller
2019-10-05 20:05 ` pr-tracker-bot
2019-09-28 13:49 David Miller
2019-09-29 1:05 ` pr-tracker-bot
2019-09-17 22:39 David Miller
2019-09-18 19:55 ` pr-tracker-bot
2019-09-18 20:37 ` Linus Torvalds
2019-09-19 8:49 ` David Miller
2019-09-19 11:22 ` David Miller
2019-09-13 20:55 David Miller
2019-09-14 23:25 ` pr-tracker-bot
2019-09-01 20:45 David Miller
2019-09-02 17:05 ` pr-tracker-bot
2019-08-26 6:29 David Miller
2019-08-27 18:35 ` pr-tracker-bot
2019-08-19 2:46 David Miller
2019-08-19 17:45 ` pr-tracker-bot
2019-08-06 23:35 David Miller
2019-08-07 0:30 ` pr-tracker-bot
2019-07-22 4:13 David Miller
2019-07-22 16:40 ` pr-tracker-bot
2019-07-19 3:44 David Miller
2019-07-19 19:45 ` pr-tracker-bot
2019-07-13 6:17 David Miller
2019-07-13 23:15 ` pr-tracker-bot
2019-07-10 5:38 David Miller
2019-07-11 18:35 ` pr-tracker-bot
2019-06-27 2:50 David Miller
2019-06-28 0:30 ` pr-tracker-bot
2019-06-22 1:21 David Miller
2019-06-22 5:30 ` pr-tracker-bot
2019-06-22 5:36 ` Linus Torvalds
2019-06-22 5:43 ` Bhaskar Chowdhury
2019-06-17 18:17 David Miller
2019-06-17 23:35 ` pr-tracker-bot
2019-06-06 22:00 David Miller
2019-06-07 16:45 ` pr-tracker-bot
2019-05-30 23:05 David Miller
2019-05-31 4:25 ` pr-tracker-bot
2019-05-22 5:43 David Miller
2019-05-22 16:00 ` pr-tracker-bot
2019-05-20 6:28 David Miller
2019-05-20 16:00 ` pr-tracker-bot
2019-05-13 17:08 David Miller
2019-05-13 22:55 ` pr-tracker-bot
2019-05-09 23:55 David Miller
2019-05-10 0:15 ` pr-tracker-bot
2019-05-08 1:01 David Miller
2019-05-08 5:40 ` pr-tracker-bot
2019-05-08 0:59 David Miller
2019-05-02 15:22 David Miller
2019-05-02 18:20 ` pr-tracker-bot
2019-04-24 22:11 David Miller
2019-04-24 23:40 ` pr-tracker-bot
2019-04-17 5:16 David Miller
2019-04-17 17:50 ` pr-tracker-bot
2019-04-09 2:21 David Miller
2019-04-09 3:15 ` pr-tracker-bot
2019-04-05 1:47 David Miller
2019-04-05 5:05 ` pr-tracker-bot
2019-04-05 10:21 ` Tim Tassonis
2019-03-27 2:10 David Miller
2019-03-27 22:10 ` pr-tracker-bot
2019-03-14 1:08 David Miller
2019-03-14 17:55 ` pr-tracker-bot
2019-03-10 18:56 David Miller
2019-03-11 17:50 ` pr-tracker-bot
2019-03-04 23:26 David Miller
2019-03-05 17:40 ` pr-tracker-bot
2019-03-02 9:08 David Miller
2019-03-02 17:10 ` pr-tracker-bot
2019-02-24 2:57 David Miller
2019-02-24 18:15 ` pr-tracker-bot
2019-02-19 22:33 David Miller
2019-02-20 0:30 ` pr-tracker-bot
2019-02-15 2:00 David Miller
2019-02-15 17:10 ` pr-tracker-bot
2019-02-08 10:42 David Miller
2019-02-08 19:45 ` pr-tracker-bot
2019-01-29 20:55 David Miller
2019-01-30 1:25 ` pr-tracker-bot
2019-01-26 0:21 David Miller
2019-01-27 17:02 ` Linus Torvalds
2019-01-27 18:19 ` David Miller
2019-01-27 17:25 ` pr-tracker-bot
2019-01-25 19:58 David Miller
2019-01-25 23:15 ` Linus Torvalds
2019-01-25 23:25 ` Linus Torvalds
2019-01-25 23:30 ` David Miller
2019-01-25 23:30 ` David Miller
2019-01-27 17:25 ` pr-tracker-bot
2019-01-20 22:09 David Miller
2019-01-21 22:00 ` pr-tracker-bot
2019-01-13 21:33 David Miller
2019-01-15 17:30 ` pr-tracker-bot
2019-01-03 6:12 David Miller
2019-01-04 4:20 ` pr-tracker-bot
2018-12-22 0:20 David Miller
2018-12-25 2:43 ` David Miller
2018-12-27 22:05 ` pr-tracker-bot
2018-12-21 20:42 David Miller
2018-12-21 22:30 ` pr-tracker-bot
2018-12-20 5:03 David Miller
2018-12-20 16:10 ` pr-tracker-bot
2018-12-09 20:51 David Miller
2018-12-09 23:45 ` pr-tracker-bot
2018-11-28 20:27 David Miller
2018-11-28 22:15 ` pr-tracker-bot
2018-11-24 6:58 David Miller
2018-11-24 17:55 ` pr-tracker-bot
2018-11-19 3:12 David Miller
2018-11-19 17:30 ` pr-tracker-bot
2018-11-11 22:26 David Miller
2018-11-11 23:15 ` pr-tracker-bot
2018-11-06 1:42 David Miller
2018-11-06 15:45 ` Linus Torvalds
2018-11-01 1:44 David Miller
2018-11-01 16:17 ` Linus Torvalds
2018-10-29 2:46 David Miller
2018-10-29 3:19 ` Linus Torvalds
2018-10-26 23:12 David Miller
2018-10-24 3:29 David Miller
2018-10-24 6:01 ` Linus Torvalds
2018-10-24 7:23 ` Linus Torvalds
2018-10-24 7:50 ` Kalle Valo
2018-10-24 7:50 ` Kalle Valo
2018-10-24 8:05 ` Kalle Valo
2018-10-24 8:05 ` Kalle Valo
2018-10-24 13:28 ` Andy Gross
2018-10-24 13:28 ` Andy Gross
[not found] ` <CAPBZ5Qen9ak4eFqdHEKNVoGBWUtohu_hwYxZ2cwmyAU=a8Mv9A@mail.gmail.com>
2018-10-24 13:40 ` Linus Torvalds
2018-10-24 13:40 ` Linus Torvalds
2018-10-24 13:40 ` Linus Torvalds
2018-10-24 7:30 ` Kalle Valo
2018-10-24 7:30 ` Kalle Valo
2018-10-20 22:47 David Miller
2018-10-21 5:26 ` David Miller
2018-10-21 5:26 ` David Miller
2018-10-21 8:53 ` Greg KH
2018-10-19 0:19 David Miller
2018-10-19 8:13 ` Greg KH
2018-10-12 2:06 David Miller
2018-10-12 8:23 ` Greg KH
2018-10-06 5:20 David Miller
2018-10-06 9:26 ` Greg KH
2018-10-03 21:57 David Miller
2018-10-03 23:52 ` Greg KH
2018-09-25 3:32 David Miller
2018-09-25 9:43 ` Greg KH
2018-09-18 3:00 David Miller
2018-09-18 7:31 ` Greg KH
2018-09-18 15:43 ` David Miller
2018-09-18 8:02 ` Greg KH
2018-09-12 20:29 David Miller
2018-09-04 19:42 David Miller
2018-08-26 21:37 David Miller
2018-08-21 0:59 David Miller
2018-08-21 5:36 ` Greg KH
2018-08-23 7:04 ` Greg KH
2018-08-19 18:37 David Miller
2018-08-15 2:13 David Miller
2018-08-11 18:20 David Miller
2018-08-09 5:06 David Miller
2018-08-05 7:47 David Miller
2018-08-05 15:52 ` Linus Torvalds
2018-08-07 17:56 ` Dmitry Safonov
2018-08-02 4:37 David Miller
2018-08-02 17:15 ` Linus Torvalds
2018-07-30 20:14 David Miller
2018-07-24 23:51 David Miller
2018-07-18 23:34 David Miller
2018-07-02 13:03 David Miller
2018-07-02 18:29 ` Linus Torvalds
2018-07-03 13:52 ` Ursula Braun
2018-07-03 17:03 ` Linus Torvalds
2018-06-25 7:45 David Miller
2018-06-20 12:35 David Miller
2018-06-21 8:45 ` Ingo Molnar
2018-06-21 13:40 ` Matteo Croce
2018-06-21 13:46 ` Stephen Rothwell
2018-06-21 16:33 ` Ingo Molnar
2018-06-15 16:48 David Miller
2018-06-11 0:42 David Miller
2018-06-06 21:08 David Miller
2018-06-02 23:39 David Miller
2018-05-25 20:58 David Miller
2018-05-22 17:49 David Miller
2018-05-22 18:13 ` Greg KH
2018-05-20 23:30 David Miller
2018-05-11 21:00 David Miller
2018-05-11 21:25 ` Linus Torvalds
2018-05-12 0:10 ` David Miller
2018-05-12 0:12 ` Linus Torvalds
2018-05-03 20:21 David Miller
2018-04-24 20:38 David Miller
2018-04-20 1:17 David Miller
2018-04-11 21:53 David Miller
2018-04-09 2:50 David Miller
2018-04-04 17:52 David Miller
2018-04-02 17:54 David Miller
2018-04-02 16:29 David Miller
2018-04-02 17:54 ` David Miller
2018-03-30 20:28 David Miller
2018-03-22 20:32 David Miller
2018-03-05 3:30 David Miller
2018-02-23 18:04 David Miller
2018-02-19 19:47 David Miller
2018-02-09 19:57 David Miller
2018-02-06 20:09 David Miller
2018-02-03 1:04 David Miller
2018-01-31 20:53 David Miller
2018-01-26 16:36 David Miller
2018-01-24 23:23 David Miller
2018-01-23 16:05 David Miller
2018-01-19 2:25 David Miller
2018-01-16 20:34 David Miller
2018-01-10 22:21 David Miller
2018-01-09 3:13 David Miller
2017-12-29 2:05 David Miller
2017-12-21 21:32 David Miller
2017-12-15 21:04 David Miller
2017-12-08 20:05 David Miller
2017-12-03 18:14 David Miller
2017-11-29 15:40 David Miller
2017-11-23 20:02 David Miller
2017-11-21 11:45 David Miller
2017-11-18 1:55 David Miller
2017-11-15 11:33 David Miller
2017-11-15 20:19 ` Linus Torvalds
2017-11-15 22:15 ` Daniel Borkmann
2017-11-16 1:43 ` David Miller
2017-11-11 14:14 David Miller
2017-11-09 5:08 David Miller
2017-11-03 5:38 David Miller
2017-11-01 15:03 David Miller
2017-10-29 14:54 David Miller
2017-10-22 2:34 David Miller
2017-10-09 23:10 David Miller
2017-10-05 5:14 David Miller
2017-09-23 5:03 David Miller
2017-09-16 16:29 David Miller
2017-09-09 5:06 David Miller
2017-09-06 4:41 David Miller
2017-09-06 23:27 ` Linus Torvalds
2017-09-06 23:31 ` David Miller
2017-09-06 23:37 ` Linus Torvalds
2017-09-07 4:11 ` Coelho, Luciano
2017-09-07 4:11 ` Coelho, Luciano
2017-09-07 4:57 ` Linus Torvalds
2017-09-07 5:04 ` Coelho, Luciano
2017-09-07 5:04 ` Coelho, Luciano
2017-09-07 5:40 ` Luca Coelho
2017-09-07 5:46 ` Linus Torvalds
2017-09-01 19:06 David Miller
2017-08-21 4:53 David Miller
2017-08-16 0:52 David Miller
2017-08-16 2:21 ` Linus Torvalds
2017-08-16 3:03 ` David Miller
2017-08-30 9:48 ` Pavel Machek
2017-08-30 14:45 ` Kalle Valo
2017-08-30 17:11 ` David Miller
2017-08-30 17:31 ` Kalle Valo
2017-08-30 17:54 ` David Miller
2017-08-31 4:44 ` Kalle Valo
2017-08-31 6:52 ` Pavel Machek
2017-08-31 11:50 ` Kalle Valo
2017-08-10 17:21 David Miller
2017-08-09 6:10 David Miller
2017-08-01 5:16 David Miller
2017-07-20 23:10 David Miller
2017-07-13 0:08 David Miller
2017-07-08 10:36 David Miller
2017-07-09 18:49 ` Linus Torvalds
2017-07-09 19:11 ` Sowmini Varadhan
2017-07-09 20:40 ` David Miller
2017-07-10 10:05 ` Herbert Xu
2017-07-10 12:10 ` Sowmini Varadhan
2017-07-10 14:00 ` Herbert Xu
2017-07-11 20:31 ` David Miller
2017-07-12 1:44 ` Herbert Xu
2017-07-05 10:55 David Miller
2017-06-29 20:18 David Miller
2017-06-20 20:05 David Miller
2017-06-15 4:18 David Miller
2017-06-06 20:57 David Miller
2017-05-26 19:50 David Miller
2017-05-22 19:34 David Miller
2017-05-18 18:03 David Miller
2017-05-15 20:01 David Miller
2017-05-09 20:03 David Miller
2017-05-04 18:51 David Miller
2017-05-02 20:39 David Miller
2017-04-28 20:16 David Miller
2017-04-26 19:21 David Miller
2017-04-21 19:56 David Miller
2017-04-18 20:23 David Miller
2017-04-06 1:57 David Miller
2017-03-23 3:47 David Miller
2017-03-15 3:41 David Miller
2017-03-05 0:50 David Miller
2017-02-28 1:42 David Miller
2017-02-23 18:56 David Miller
2017-02-22 4:31 David Miller
2017-02-19 3:57 David Miller
2017-02-18 5:15 David Miller
2017-02-16 1:31 David Miller
2017-02-16 2:01 ` Linus Torvalds
2017-02-16 3:26 ` David Miller
2017-02-16 3:33 ` David Miller
2017-02-10 21:26 David Miller
2017-02-07 19:42 David Miller
2017-02-01 19:46 David Miller
2017-01-27 17:25 David Miller
2017-01-17 2:52 David Miller
2017-01-11 15:22 David Miller
2017-01-11 17:53 ` Linus Torvalds
2017-01-09 3:38 David Miller
2017-01-09 20:08 ` Linus Torvalds
2017-01-09 20:24 ` David Miller
2017-01-09 20:44 ` Kalle Valo
2017-01-09 20:34 ` Kalle Valo
2017-01-04 21:45 David Miller
2016-12-27 19:43 David Miller
2016-12-23 19:20 David Miller
2016-12-20 21:02 David Miller
2016-12-18 2:55 David Miller
2016-12-11 20:21 David Miller
2016-12-10 4:42 David Miller
2016-12-06 17:04 David Miller
2016-12-02 19:40 David Miller
2016-11-26 21:04 David Miller
2016-11-21 18:34 David Miller
2016-11-14 22:08 David Miller
2016-10-13 16:27 David Miller
2016-10-11 9:06 David Miller
2016-10-06 5:49 David Miller
2016-10-05 5:44 David Miller
2016-10-05 22:29 ` Stephen Rothwell
2016-10-05 22:37 ` Linus Torvalds
2016-10-06 0:09 ` Pablo Neira Ayuso
2016-10-06 0:26 ` David Miller
2016-10-06 0:52 ` Stephen Rothwell
2016-10-06 2:14 ` Linus Torvalds
2016-10-06 2:51 ` Stephen Rothwell
2016-10-06 2:56 ` David Miller
2016-10-06 5:07 ` Stephen Rothwell
2016-10-02 13:01 David Miller
2016-09-22 7:52 David Miller
2016-09-12 3:08 David Miller
2016-08-29 5:44 David Miller
2016-08-17 23:58 David Miller
2016-08-03 4:42 David Miller
2016-07-27 8:07 David Miller
2016-07-23 6:07 David Miller
2016-07-05 23:23 David Miller
2016-06-10 7:29 David Miller
2016-06-01 3:38 David Miller
2016-05-21 0:09 David Miller
2016-05-17 19:11 David Miller
2016-05-18 1:00 ` Linus Torvalds
2016-05-18 3:37 ` Emmanuel Grumbach
2016-05-18 10:51 ` Coelho, Luciano
2016-05-18 10:51 ` Coelho, Luciano
2016-05-18 12:20 ` Reinoud Koornstra
2016-05-18 12:41 ` Coelho, Luciano
2016-05-18 12:41 ` Coelho, Luciano
2016-05-18 12:51 ` Reinoud Koornstra
2016-05-18 14:23 ` Coelho, Luciano
2016-05-18 14:23 ` Coelho, Luciano
2016-05-18 18:45 ` Linus Torvalds
2016-05-18 18:50 ` Coelho, Luciano
2016-05-18 18:50 ` Coelho, Luciano
2016-05-18 18:58 ` Kalle Valo
2016-05-18 18:58 ` Kalle Valo
2016-05-18 19:00 ` Linus Torvalds
2016-05-18 19:00 ` Linus Torvalds
2016-05-18 19:03 ` Coelho, Luciano
2016-05-18 19:03 ` Coelho, Luciano
2016-05-18 19:11 ` Kalle Valo
2016-05-18 18:51 ` Linus Torvalds
2016-05-19 8:20 ` Reinoud Koornstra
2016-05-19 9:14 ` Reinoud Koornstra
2016-05-19 9:40 ` Sedat Dilek
2016-05-19 4:08 ` David Miller
2016-05-14 20:16 David Miller
2016-05-09 4:47 David Miller
2016-05-03 20:38 David Miller
2016-05-02 5:11 David Miller
2016-04-26 21:58 David Miller
2016-04-21 19:55 David Miller
2016-04-09 5:14 David Miller
2016-04-02 0:04 David Miller
2016-04-02 0:04 ` David Miller
2016-03-24 2:23 David Miller
2016-03-19 4:42 David Miller
2016-03-21 15:57 ` Yishai Hadas
2016-03-07 22:00 David Miller
2016-02-22 4:07 David Miller
2016-02-11 8:39 David Miller
2016-02-01 22:28 David Miller
2016-01-18 19:06 David Miller
2016-01-18 19:07 ` David Miller
2016-01-15 21:11 David Miller
2016-01-13 2:51 David Miller
2016-01-13 5:09 ` Stephen Rothwell
2016-01-13 5:20 ` David Miller
2016-01-14 11:03 ` Marc Zyngier
2016-01-16 11:57 ` Kalle Valo
2016-01-16 11:57 ` Kalle Valo
2016-01-18 11:30 ` Marc Zyngier
2016-01-18 22:05 ` Arend van Spriel
2016-01-18 22:05 ` Arend van Spriel
2016-01-19 8:55 ` Marc Zyngier
2016-01-19 9:36 ` Arend van Spriel
2016-01-19 9:51 ` Marc Zyngier
2016-01-19 9:51 ` Marc Zyngier
2016-01-19 13:08 ` Kalle Valo
2016-01-19 13:08 ` Kalle Valo
2016-01-06 22:09 David Miller
2015-12-31 18:19 David Miller
2015-12-31 18:19 ` David Miller
2015-12-17 21:43 David Miller
2015-12-03 21:01 David Miller
2015-11-17 21:48 David Miller
2015-11-10 22:07 David Miller
2015-11-03 21:37 David Miller
2015-11-03 21:37 ` David Miller
2015-10-29 15:19 David Miller
2015-10-31 18:24 ` David Miller
2015-10-28 6:32 David Miller
2015-10-28 9:39 ` Linus Torvalds
2015-10-28 11:03 ` Hannes Frederic Sowa
2015-10-28 14:27 ` Rasmus Villemoes
2015-11-09 12:09 ` Hannes Frederic Sowa
2015-11-09 14:16 ` Rasmus Villemoes
2015-10-28 13:21 ` David Miller
2015-11-02 20:34 ` Andy Lutomirski
2015-11-02 21:16 ` Linus Torvalds
2015-11-02 21:19 ` Linus Torvalds
2015-11-02 21:30 ` Andy Lutomirski
2015-11-02 22:14 ` Hannes Frederic Sowa
2015-11-02 23:21 ` Linus Torvalds
2015-11-03 0:56 ` Benjamin Herrenschmidt
2015-11-03 1:54 ` Linus Torvalds
2015-11-03 1:58 ` Andy Lutomirski
2015-11-03 2:38 ` Linus Torvalds
2015-11-03 12:53 ` Hannes Frederic Sowa
2015-11-03 20:05 ` Linus Torvalds
2015-11-03 20:44 ` Linus Torvalds
2015-11-06 15:27 ` David Laight
2015-11-06 15:27 ` David Laight
2015-11-07 0:49 ` Andy Lutomirski
2015-11-09 8:12 ` Ingo Molnar
2015-11-09 10:38 ` Hannes Frederic Sowa
2015-11-09 10:38 ` Hannes Frederic Sowa
2015-10-19 6:56 David Miller
2015-10-02 0:43 David Miller
2015-09-26 5:09 David Miller
2015-09-10 19:42 David Miller
2015-09-03 5:35 David Miller
2015-09-03 5:35 ` David Miller
2015-09-03 6:23 ` Stephen Rothwell
2015-09-03 16:45 ` Linus Torvalds
2015-09-03 17:40 ` David Miller
2015-09-03 18:22 ` Linus Torvalds
2015-09-03 18:31 ` Linus Torvalds
2015-09-03 21:09 ` Marcel Holtmann
2015-09-04 9:07 ` David Laight
2015-09-04 17:38 ` Rustad, Mark D
2015-09-07 11:02 ` David Laight
2015-09-08 16:51 ` Rustad, Mark D
2020-09-12 19:08 ` Alejandro Colomar
2015-09-03 18:34 ` Joe Perches
2015-09-03 19:32 ` Julia Lawall
2015-09-03 19:48 ` Linus Torvalds
2015-09-03 20:55 ` Julia Lawall
2015-09-03 21:04 ` Linus Torvalds
2015-09-03 21:26 ` Julia Lawall
2015-09-03 18:46 ` David Miller
2015-09-05 16:14 ` Lorenzo Bianconi
2015-09-03 23:23 ` David Ahern
[not found] ` <CACJDEmqywG91TA7nToQgEPvnenn=FqfQE5-2Yg=GMoWghhc8=Q@mail.gmail.com>
2015-09-09 2:16 ` Konrad Rzeszutek Wilk
2015-09-09 8:46 ` Corinna Vinschen
2015-08-28 0:42 David Miller
2015-08-20 0:34 David Miller
2015-08-13 6:06 David Miller
2015-07-31 23:08 David Miller
2015-07-22 20:22 David Miller
2015-07-13 5:55 David Miller
2015-07-01 3:52 David Miller
2015-06-24 13:39 David Miller
2015-06-24 13:39 ` David Miller
2015-06-24 23:38 ` Linus Torvalds
2015-06-25 1:52 ` Weiny, Ira
2015-06-25 1:52 ` Weiny, Ira
[not found] ` <2807E5FD2F6FDA4886F6618EAC48510E110A2D71-8k97q/ur5Z2krb+BlOpmy7fspsVTdybXVpNB7YpNyf8@public.gmane.org>
2015-06-25 10:40 ` Or Gerlitz
[not found] ` <CAJ3xEMj34d-+vtkZ1nELrdG1pw89uxvPBRx3wp6WM_uoAa5oZA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-06-25 13:39 ` Weiny, Ira
2015-06-25 15:01 ` Or Gerlitz
2015-06-25 16:24 ` Paul Gortmaker
2015-06-25 16:52 ` Joe Perches
2020-02-24 10:01 ` Geert Uytterhoeven
2020-02-24 12:47 ` Greg KH
2020-02-24 16:33 ` Leon Romanovsky
2020-02-24 16:35 ` Doug Ledford
2020-02-24 16:53 ` Geert Uytterhoeven
2015-07-20 10:11 ` Xiong Zhou
2015-07-20 10:44 ` Johannes Berg
2015-07-20 10:44 ` Johannes Berg
2015-06-13 0:00 David Miller
2015-06-09 0:33 David Miller
2015-06-02 0:17 David Miller
2015-05-27 18:55 David Miller
2015-05-22 20:44 David Miller
2015-05-22 20:44 ` David Miller
2015-05-13 3:49 David Miller
2015-05-02 2:43 David Miller
2015-04-27 17:56 David Miller
2015-04-22 2:58 David Miller
2015-04-17 20:13 David Miller
2015-04-15 4:16 David Miller
2015-04-15 4:16 ` David Miller
2015-04-15 4:34 ` Stephen Rothwell
2015-04-06 21:39 David Miller
2015-04-01 19:48 David Miller
2015-04-29 14:51 ` Denys Vlasenko
2015-04-29 15:17 ` D.S. Ljungmark
2015-04-29 16:50 ` Dan Williams
2015-04-29 16:55 ` D.S. Ljungmark
2015-04-29 18:13 ` Dan Williams
2015-04-29 17:53 ` Denys Vlasenko
2015-03-23 17:00 David Miller
2015-03-19 4:59 David Miller
2015-03-09 20:30 David Miller
2015-03-03 20:35 David Miller
2015-02-17 18:48 David Miller
2015-02-10 3:16 David Miller
2015-02-10 3:16 ` David Miller
2015-02-10 4:37 ` Linus Torvalds
2015-02-10 4:52 ` David Miller
2015-02-10 16:33 ` Linus Torvalds
2015-02-10 16:58 ` Linus Torvalds
2015-02-10 21:26 ` Linus Torvalds
2015-02-10 21:50 ` Linus Torvalds
2015-02-11 1:45 ` Al Viro
2015-02-11 2:01 ` Linus Torvalds
2015-02-11 3:58 ` Linus Torvalds
2015-02-11 4:02 ` Al Viro
2015-02-11 4:09 ` Linus Torvalds
2015-02-11 5:28 ` David Miller
2015-02-11 5:28 ` David Miller
2015-02-11 5:54 ` Linus Torvalds
2015-02-11 14:01 ` David Miller
2015-02-11 14:00 ` Al Viro
2015-02-11 4:01 ` Al Viro
2015-02-11 4:10 ` Al Viro
2015-02-05 9:07 David Miller
2015-01-27 20:36 David Miller
2015-01-20 1:07 David Miller
2015-01-14 22:12 David Miller
2015-01-07 1:35 David Miller
2014-12-29 21:33 David Miller
2014-12-18 21:39 David Miller
2014-12-12 21:02 David Miller
2014-12-11 21:02 David Miller
2014-12-11 21:02 ` David Miller
2014-12-03 4:39 David Miller
2014-11-26 21:48 David Miller
2014-11-21 22:37 David Miller
2014-11-13 20:35 David Miller
2014-10-31 20:59 David Miller
2014-10-19 17:23 David Miller
2014-10-20 0:32 ` Linus Torvalds
2014-10-20 1:03 ` David Miller
2014-10-20 7:53 ` Pablo Neira Ayuso
2014-10-18 4:18 David Miller
2014-10-19 2:15 ` Markus Trippelsdorf
2014-10-19 2:48 ` David Miller
2014-10-19 2:48 ` David Miller
2014-10-11 21:59 David Miller
2014-10-08 21:20 David Miller
2014-10-08 21:20 ` David Miller
2014-10-02 3:03 David Miller
2014-09-24 19:41 David Miller
2014-09-22 22:54 David Miller
2014-09-07 23:41 David Miller
2014-08-14 23:16 David Miller
2014-08-12 4:12 David Miller
2014-08-07 3:20 David Miller
2014-08-06 5:02 David Miller
2014-08-06 5:02 ` David Miller
2014-07-29 23:55 David Miller
2014-07-30 0:36 ` Stephen Rothwell
2014-07-30 3:44 ` David Miller
2014-07-22 5:43 David Miller
2014-07-15 7:28 David Miller
2014-07-15 15:52 ` Linus Torvalds
2014-07-15 18:46 ` David Miller
2014-07-15 19:02 ` John W. Linville
2014-07-17 2:18 ` Kalle Valo
2014-07-17 3:05 ` Linus Torvalds
2014-07-15 23:02 ` David Miller
[not found] ` <CA+55aFzLX0g0j4mBrW6-RgK10wVSG+fL=v9i2bLGdKXTMMazoQ@mail.gmail.com>
2014-07-16 3:05 ` David Miller
2014-06-26 4:06 David Miller
2014-06-16 2:33 David Miller
2014-06-16 23:04 ` Dave Jones
2014-06-16 23:42 ` Dave Jones
2014-06-23 23:47 ` Dave Jones
2014-06-25 0:04 ` Linus Torvalds
2014-06-25 0:26 ` David Miller
2014-06-25 3:05 ` Tom Herbert
2014-06-25 3:51 ` Tom Herbert
2014-06-12 19:14 David Miller
2014-06-12 19:14 ` David Miller
2014-06-13 6:48 ` Linus Torvalds
2014-06-13 6:59 ` Johannes Berg
2014-06-13 7:21 ` Geert Uytterhoeven
2014-06-13 14:28 ` Linus Torvalds
2014-06-13 14:44 ` Dave Jones
2014-06-13 7:53 ` David Miller
2014-06-03 1:11 David Miller
2014-05-22 21:51 David Miller
2014-05-05 21:42 David Miller
2014-04-18 23:30 David Miller
2014-04-16 2:47 David Miller
2014-04-12 21:42 David Miller
2014-04-08 18:46 David Miller
2014-04-08 18:46 ` David Miller
2014-04-03 3:25 David Miller
2014-04-03 3:25 ` David Miller
2014-03-28 21:38 David Miller
2014-03-24 19:50 David Miller
2014-03-13 20:36 David Miller
2014-03-03 23:28 David Miller
2014-02-18 23:34 David Miller
2014-02-11 7:14 David Miller
2014-02-11 7:14 ` David Miller
2014-01-29 8:55 David Miller
2014-01-25 9:33 David Miller
2014-01-25 9:33 ` David Miller
2014-01-18 3:25 David Miller
2014-01-10 20:31 David Miller
2014-01-06 22:17 David Miller
2013-12-30 4:02 David Miller
2013-12-30 12:50 ` Or Gerlitz
2013-12-31 0:52 ` David Miller
2013-12-31 5:56 ` Or Gerlitz
2013-12-31 6:05 ` David Miller
2013-12-31 8:05 ` Wei-Chun Chao
2013-12-31 18:15 ` David Miller
2013-12-17 22:29 David Miller
2013-12-15 4:14 David Miller
2013-12-02 2:30 David Miller
2013-11-21 19:26 David Miller
2013-11-19 22:18 David Miller
2013-11-11 20:47 David Miller
2013-11-11 20:47 ` David Miller
2013-11-04 6:00 David Miller
2013-10-22 20:36 David Miller
2013-10-01 17:57 David Miller
2013-09-19 18:55 David Miller
2013-09-19 18:55 ` David Miller
2013-09-11 21:25 David Miller
2013-09-11 21:25 ` David Miller
2013-09-06 19:40 David Miller
2013-09-05 20:37 David Miller
2013-09-05 20:37 ` David Miller
2013-08-30 22:14 David Miller
2013-08-23 7:45 David Miller
2013-08-15 23:28 David Miller
2013-08-03 19:38 David Miller
2013-07-31 7:37 David Miller
2013-07-19 2:35 David Miller
2013-07-13 6:16 David Miller
2013-07-09 21:53 David Miller
2013-07-09 21:53 ` David Miller
2013-07-10 2:50 ` Linus Torvalds
2013-07-10 4:35 ` David Miller
2013-07-10 12:25 ` Markus Trippelsdorf
2013-07-10 12:43 ` Josh Boyer
2013-07-10 12:50 ` Markus Trippelsdorf
2013-07-10 12:52 ` Alexey Brodkin
2013-07-10 18:07 ` David Miller
2013-07-07 20:21 David Miller
2013-07-07 20:21 ` David Miller
2013-07-07 21:27 ` Linus Torvalds
2013-07-07 22:33 ` Linus Torvalds
2013-07-08 3:14 ` David Miller
2013-07-08 6:38 ` Eliezer Tamir
2013-07-09 2:48 ` Andrew Morton
2013-07-09 6:35 ` Eliezer Tamir
2013-07-09 2:29 ` Rob Landley
2013-07-09 17:32 ` Linus Torvalds
2013-07-10 1:54 ` Rob Landley
2013-06-27 0:53 David Miller
2013-06-27 0:53 ` David Miller
2013-06-15 10:50 David Miller
2013-06-12 21:14 David Miller
2013-06-06 19:16 David Miller
2013-06-05 9:02 David Miller
2013-05-24 7:57 David Miller
2013-05-24 7:57 ` David Miller
2013-05-13 20:08 David Miller
2013-05-13 21:26 ` Sergei Shtylyov
2013-05-09 1:01 David Miller
2013-05-06 21:05 David Miller
2013-05-06 22:57 ` Linus Torvalds
2013-05-06 23:09 ` David Miller
2013-05-06 23:32 ` Jeff Kirsher
2013-05-07 2:10 ` David Miller
2013-05-07 6:02 ` Jeff Kirsher
2013-05-05 2:42 David Miller
2013-05-05 10:24 ` Maarten Lankhorst
2013-05-06 16:46 ` Allan, Bruce W
2013-05-01 20:47 David Miller
2013-05-01 20:47 ` David Miller
2013-05-02 1:28 ` Linus Torvalds
2013-05-02 4:37 ` Linus Torvalds
2013-05-02 4:55 ` Linus Torvalds
2013-05-02 6:45 ` David Miller
2013-05-02 7:03 ` Patrick McHardy
2013-05-02 8:16 ` David Miller
2013-05-02 8:36 ` Patrick McHardy
2013-05-02 9:06 ` Bjørn Mork
2013-05-02 9:17 ` David Miller
2013-05-02 10:19 ` Bjørn Mork
2013-05-02 10:28 ` Ben Hutchings
2013-05-02 11:51 ` Bjørn Mork
2013-05-02 16:22 ` Michał Mirosław
2013-05-03 23:35 ` Pavel Simerda
2013-05-09 9:02 ` Pavel Simerda
2013-05-02 16:27 ` Dan Williams
2013-05-02 18:01 ` David Miller
2013-05-02 18:53 ` John Stoffel
2013-05-02 20:18 ` Ben Hutchings
2013-05-02 20:40 ` John Stoffel
2013-05-02 17:58 ` David Miller
2013-05-02 5:23 ` David Miller
2013-05-02 6:41 ` Francois Romieu
2013-05-02 16:34 ` Dan Williams
2013-05-02 17:39 ` David Miller
2013-05-02 17:47 ` Michał Mirosław
2013-05-02 17:55 ` David Miller
2013-05-02 18:06 ` David Miller
2013-05-02 18:15 ` Dan Williams
2013-05-02 18:21 ` David Miller
2013-05-02 18:24 ` Dan Williams
2013-05-02 18:52 ` Linus Torvalds
2013-05-02 18:53 ` Linus Torvalds
2013-05-02 19:17 ` Dan Williams
2013-05-02 20:22 ` Dan Williams
2013-05-06 23:35 ` Dan Williams
2013-04-21 1:16 David Miller
2013-04-17 5:42 David Miller
2013-04-10 19:49 David Miller
2013-04-05 20:41 David Miller
2013-04-02 21:11 David Miller
2013-04-01 3:33 David Miller
2013-03-26 19:31 David Miller
2013-03-19 19:05 David Miller
2013-03-19 19:05 ` David Miller
2013-03-11 11:43 David Miller
2013-03-04 19:58 David Miller
2013-02-25 21:09 David Miller
2013-02-20 22:09 David Miller
2013-02-20 22:09 ` David Miller
2013-02-21 3:05 ` Linus Torvalds
2013-02-21 3:12 ` Linus Torvalds
2013-02-21 3:40 ` David Miller
2013-02-21 3:55 ` Paul Gortmaker
2013-02-21 14:37 ` Mark Lord
2013-02-22 2:26 ` Paul Gortmaker
2013-02-22 3:54 ` Mark Lord
2013-02-13 19:21 David Miller
2013-02-13 19:21 ` David Miller
2013-02-08 20:17 David Miller
2013-02-08 20:17 ` David Miller
2013-02-08 21:00 ` Linus Torvalds
2013-02-08 21:57 ` David Miller
2013-02-08 22:50 ` Francois Romieu
2013-02-10 9:17 ` Jörg Otte
2013-02-11 0:07 ` David Miller
2013-01-28 6:03 David Miller
2013-01-12 23:56 David Miller
2013-01-13 2:03 ` Eric Dumazet
2013-01-08 8:10 David Miller
2012-12-27 3:44 David Miller
2012-12-20 0:06 David Miller
2012-12-13 20:08 David Miller
2012-12-12 20:11 David Miller
2012-12-12 20:11 ` David Miller
2012-12-13 2:15 ` Linus Torvalds
2012-12-13 2:27 ` David Miller
2012-12-13 2:37 ` Linus Torvalds
2012-12-13 3:22 ` David Miller
2012-12-13 21:52 ` Olof Johansson
2012-12-13 21:52 ` Olof Johansson
2012-12-10 22:31 David Miller
2012-12-07 20:35 David Miller
2012-12-03 0:36 David Miller
2012-11-29 2:47 David Miller
2012-12-03 0:13 ` Linus Torvalds
2012-12-03 0:32 ` David Miller
2012-11-23 20:18 David Miller
2012-11-21 17:36 David Miller
2012-11-16 22:07 David Miller
2012-11-10 19:46 David Miller
2012-11-03 3:46 David Miller
2012-10-26 21:38 David Miller
2012-10-17 5:05 David Miller
2012-10-17 5:05 ` David Miller
2012-10-12 19:25 David Miller
2012-10-10 1:26 David Miller
2012-10-04 21:42 David Miller
2012-10-02 19:42 David Miller
2012-10-02 19:42 ` David Miller
2012-09-28 7:31 David Miller
2012-09-25 21:07 David Miller
2012-09-21 19:48 David Miller
2012-09-21 19:48 ` David Miller
2012-09-14 18:48 David Miller
2012-09-02 4:34 David Miller
2012-08-21 23:38 David Miller
2012-08-22 0:08 ` Al Viro
2012-08-13 6:06 David Miller
2012-08-06 21:23 David Miller
2012-07-31 22:30 David Miller
2012-07-28 7:52 David Miller
2012-07-28 8:41 ` Eric Dumazet
2012-07-26 23:58 David Miller
2012-07-24 7:41 David Miller
2012-07-24 7:41 ` David Miller
2012-07-19 4:32 David Miller
2012-07-17 14:36 David Miller
2012-07-02 1:51 David Miller
2012-06-28 5:21 David Miller
2012-06-14 6:00 David Miller
2012-06-02 21:31 David Miller
2012-05-30 22:37 David Miller
2012-05-24 6:05 David Miller
2012-05-21 8:46 David Miller
2012-05-21 8:46 ` David Miller
2012-05-19 3:43 David Miller
2012-05-17 22:44 David Miller
2012-05-16 20:09 David Miller
2012-05-14 4:05 David Miller
2012-05-12 8:20 David Miller
2012-05-03 6:59 David Miller
2012-05-03 9:06 ` Srivatsa S. Bhat
2012-05-03 9:32 ` David Miller
2012-05-03 9:36 ` Srivatsa S. Bhat
2012-05-03 9:44 ` Jeff Kirsher
2012-04-23 2:28 David Miller
2012-04-12 19:39 David Miller
2012-04-06 17:35 David Miller
2012-04-03 0:34 David Miller
2012-04-03 19:23 ` Torsten Kaiser
2012-03-25 21:51 David Miller
2012-03-27 22:51 ` David Miller
2012-03-27 23:51 ` Linus Torvalds
2012-03-23 3:32 David Miller
2012-03-20 21:24 David Miller
2012-03-20 21:24 ` David Miller
2012-03-18 0:53 David Miller
2012-03-14 0:53 David Miller
2012-03-09 9:29 David Miller
2012-03-07 5:22 David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190531.141626.1051997873999042502.davem@davemloft.net \
--to=davem@davemloft.net \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.